I am using flatfile databases (have to) and am putting Apache basic_auth on the folder, which I will then access via PHP's fopen() with the username and password contained within the URL, e.g.:
fopen("http://username:password@domain.com/protectedDir/file.txt","r");
I am just wondering how safe this is in terms of prying eyes. I know POST and any other requests can be snooped on by the user, but will the user be able to see the URL that fopen() requested?
The URL is not visible to the user by default. However, it may show up in an error message, for example when domain.com is temporarily unreachable. Disable showing of errors to the user.
Secondly, it would be advisable to use HTTPS to send the username and password encrypted over the network, instead of in plaintext.
Edit: PHP hides username and password in the error message:
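Added example (not part of the original answer): one way to apply both recommendations above, with error display turned off and the request sent over HTTPS. It also moves the credentials out of the URL into an Authorization header. The function name `readProtectedFile` and the environment variables `FLATFILE_USER` and `FLATFILE_PASS` are hypothetical, and `domain.com` is the placeholder host from the question.

```php
<?php
declare(strict_types=1);

// Never render PHP warnings (which can include the requested URL) to the
// visitor; send them to the server-side error log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/**
 * Read a file from a Basic-auth protected directory over HTTPS.
 * Returns the body, or null on any failure. (Hypothetical helper.)
 */
function readProtectedFile(string $url, string $user, string $pass): ?string
{
    // Refuse plain HTTP: Basic auth is only base64-encoded, not encrypted.
    if (strtolower((string) parse_url($url, PHP_URL_SCHEME)) !== 'https') {
        error_log('readProtectedFile: refusing non-HTTPS URL');
        return null;
    }

    $context = stream_context_create([
        'http' => [
            'method'  => 'GET',
            // Credentials travel in the Authorization header, not in the URL.
            'header'  => 'Authorization: Basic ' . base64_encode("$user:$pass"),
            'timeout' => 5,
        ],
        // Verify the server certificate and that it matches the host name.
        'ssl' => ['verify_peer' => true, 'verify_peer_name' => true],
    ]);

    $handle = @fopen($url, 'r', false, $context);
    if ($handle === false) {
        // Log only the host on the server side, never the credentials.
        error_log('readProtectedFile: request failed for host '
            . parse_url($url, PHP_URL_HOST));
        return null;
    }
    $body = stream_get_contents($handle);
    fclose($handle);
    return $body === false ? null : $body;
}

// Hypothetical environment variables holding the Basic-auth credentials.
$data = readProtectedFile(
    'https://domain.com/protectedDir/file.txt',
    (string) getenv('FLATFILE_USER'),
    (string) getenv('FLATFILE_PASS')
);
echo $data === null ? "Data temporarily unavailable.\n" : $data;
```

When the host is unreachable, the visitor sees only the generic message, while the failure is recorded in the server's error log.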