Q&A
| Q1: | I have a Unix system. Can I use /etc/passwd as my user database? |
| A1: | Although using /etc/passwd might seem convenient, it is advisable that you do not use the existing /etc/passwd file for authenticating users of your Web site. Otherwise, an attacker who gains access to a user of your Web site will also gain access to the system. Keep separate databases and encourage users to choose different passwords for their system accounts and Web access. Periodically run password checkers that scan for weak passwords and accounts in which the username is also the password. |
| Q2: | Why am I asked for my password twice in some Web sites? |
| A2: | Your browser keeps track of your password so that you do not have to type it for every request. The stored password ... |
Get Sams Teach Yourself PHP, MySQL® and Apache All in One now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
