What to use instead of http basic auth?

A

Alexander2019-09-21 10:16:51

Information Security

Alexander, 2019-09-21 10:16:51

We need some simple library for authorization, which can be connected in apache configs. That is, so that you can also specify in the config a link to a file with authorization data, but in this case the form would appear directly in the browser window, and the password would be saved in a cookie. The problem is that in ios, when authorizing via http basic auth, the password is not automatically substituted and it has to be entered manually all the time, which annoys me a lot. I like the way authorization works in code-server. I would like to have a similar universal solution that can be connected to any site at any time through apache configs.

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

D

Dmitry Plotnikov, 2019-11-20
@LordGuard

Why assign authorization to Apache? Maybe it's easier to build on the backend (php or whatever you have) a regular session-based authorization system?
Storing the password in a cookie (even encrypted) is a bad option. Usually, the login/password goes to the server through the form, in response the server creates a session and the session number is stored in the cookie.