Given a simple login system (register and login), which of the two choices is more secure:
- Using htaccess and htpasswd files to store and authenticate users
- Using php to CRUD and MySQL (or any other database really) to store the info
User info consists purely of username-password.
Of course, best-case is assumed for both options: MySQL injections are accounted for, password is md5/sha1/md5+sha1/any other means encrypted, etc.
In case you’re wondering, in the first case, php will add user credentials to the htpasswd file. (see this question for an example implementation.)
I’d say always the login form (by which I assume you mean standard session-based authentication).
.htaccessauthentication transmits the password on every request (Of course, SSL would help here).htaccessauthentication doesn’t have any rate limiting / brute-force protection by default in ApacheLogging out from
.htaccessauthentication is a bitch