Security problems are more and more important on the internet today. You can see the problems.
This chapter is really exciting: you can learn several ways of attacking a web application and the methods for
protecting websites. Somehow, you can be a hacker after studying.
1. Attack on the Admin page.
In the last project, we could easily take control as the admin user just by accessing the Admin page by its URL.
That's the problem: if a hacker can get access to the admin user, it must be very bad.
It's also very simple to solve this problem: use HTTP authentication to password-protect the Admin page.
When a page is secured using HTTP authentication, a window pops up requesting the user name and password
before access is allowed to the protected page. We can limit access to the Admin page to as few people as you
want.
You need to insert the authorize.php script into the Admin page, so that it runs before anyone can visit the page.
/*** authorize.php ***/
<?php
  // User name and password for authentication
  $username = 'rock';
  $password = 'roll';

  // Reject the request unless both credentials were sent and both match exactly
  if (!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']) ||
    ($_SERVER['PHP_AUTH_USER'] !== $username) || ($_SERVER['PHP_AUTH_PW'] !== $password)) {
    // The user name/password are incorrect so send the authentication headers
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="Guitar Wars"');
    exit('<h2>Guitar Wars</h2>Sorry, you must enter a valid user name and password to access this page.');
  }
?>
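A hardened variant of the script above, as an added example that is not part of the original chapter or project: it keeps only a password hash instead of the plain-text password, compares with hash_equals() and password_verify(), and refuses plain HTTP because Basic authentication sends the password merely base64-encoded. The environment variable names ADMIN_USER and ADMIN_PW_HASH are assumptions, as is TLS terminating at the PHP server itself.

```php
<?php
// Added example, not the original authorize.php. ADMIN_USER and ADMIN_PW_HASH are
// hypothetical environment variable names (assumptions). Create the hash once with:
//   php -r "echo password_hash('your-password', PASSWORD_DEFAULT), PHP_EOL;"

function deny(): void
{
    // Same response as the original script: ask the browser to prompt again
    header('HTTP/1.1 401 Unauthorized');
    header('WWW-Authenticate: Basic realm="Guitar Wars"');
    exit('<h2>Guitar Wars</h2>Sorry, you must enter a valid user name and password to access this page.');
}

function credentials_ok(?string $user, ?string $pw, string $expectedUser, string $expectedHash): bool
{
    if ($user === null || $pw === null) {
        return false;
    }
    // hash_equals() is a strict, constant-time string comparison; a loose != would
    // treat numeric-looking strings such as "0e1" and "0e2" as equal numbers.
    $userOk = hash_equals($expectedUser, $user);
    // password_verify() checks the submitted password against the stored hash,
    // so the plain-text password never has to live in the source file.
    $pwOk = password_verify($pw, $expectedHash);
    return $userOk && $pwOk;
}

// Basic auth credentials are only base64-encoded on the wire, so require HTTPS.
// Assumption: TLS terminates at this server, so $_SERVER['HTTPS'] is populated.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    header('HTTP/1.1 403 Forbidden');
    exit('HTTPS is required for this page.');
}

$expectedUser = getenv('ADMIN_USER');
$expectedHash = getenv('ADMIN_PW_HASH');
if ($expectedUser === false || $expectedHash === false) {
    // Fail closed when the credentials are not configured
    header('HTTP/1.1 500 Internal Server Error');
    exit('Authentication is not configured.');
}

$user = $_SERVER['PHP_AUTH_USER'] ?? null;
$pw = $_SERVER['PHP_AUTH_PW'] ?? null;
if (!credentials_ok($user, $pw, $expectedUser, $expectedHash)) {
    deny();
}
```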