password-protecting web pages/directories

Status
Not open for further replies.

heavenly

Member
Which is considered more secure and why?

Combination of server side scripts (php, asp, et al) and database (MySql, Oracle, et al)

Or


IIS built-in authentication.
 
Authentification in your script is always a risk since there could be a way to "kill" it by exploiting a bug in the language or in your own code.
The less layers between the server and the authentification, the better. But then of course you lose a lost of flexibility.
 
How do you customized failed IIS authentication? I don't like a user receiving the cryptic 404 page if he or she clicks cancel.

And how does the IIS authentication work?
 
I don't know, and don't really want to know anything about IIS. I guess there is something in the control panel that will allow you to customize the error 403 page.
 
You can set up IIS to authenticate various ways. We use active directory so they need a domain name \ username and the correct password. If you cancel you get a "you are not authorized to view this page" error. I think you can replace that page with a custom page within IIS.
 
Status
Not open for further replies.
Top Bottom