HTTP authentication is a perfect way of doing authentication for administration pages where you don't really need nice-looking form authentication and "remember me" checkboxes (although some browsers offer that for you). Plus, with HTTP authentication, robots can make authenticated connections to your application (RSS readers, mobile devices, scripted access…).
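Something many people have forgotten since the 90's is that you can simply call https://username:password@example.com/admin/orders.xml and, as long as the connection is encrypted using SSL, the password will be "safe". HTTP Basic sends the credentials only Base64-encoded, so the encrypted connection is what protects them in transit.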
By the way, who needs a pretty-looking form for an administration interface that you and 5 more people are going to use?
HTTP authentication is dead simple in Akelos. It was added in 0.x.413 (trunk version).
In order to use it, you need to provide users in one of these formats:
- An array of 'username' => 'password' pairs. This is the simplest and most convenient way for small sites. Remember to md5() passwords to keep them away from prying eyes.
- An object whose authenticate method is called as $User->authenticate($user_name, $password, $controller /* optional */); and returns true if it should grant access or false if it should not.
- A handler array such as array('handler' => $MegaAuthenticator, 'method' => 'ultraCheckCredentials'); the parameters remain the same as in the previous example.

Here is a sample of the simplest implementation:
<?php
class PostController extends ApplicationController
{
    // user name => password pairs accepted by HTTP Basic authentication
    var $_authorized_users = array('bermi' => 'secret');

    function __construct()
    {
        // Run authenticate() before every action except index
        $this->beforeFilter(array('authenticate' => array('except' => array('index'))));
    }

    function index()
    {
        $this->renderText("Everyone can see me!");
    }

    function edit()
    {
        $this->renderText("I'm only accessible if you know the password");
    }

    function authenticate()
    {
        // 'My Blog' is the realm shown in the browser's login prompt
        $this->_authenticateOrRequestWithHttpBasic('My Blog', $this->_authorized_users);
    }
}
?>
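A handler for the array('handler' => ..., 'method' => ...) format described above, as an added example that is not part of Akelos or of the original page: it keeps password_hash() digests instead of md5() values, because a fast unsalted MD5 digest is cheap to guess offline, and it takes the same parameters as $User->authenticate(). The class name HashedCredentialStore, the parseBasicAuthorization() helper and the sample users are assumptions made for illustration; how Akelos itself decodes the header is not shown on this page.

```php
<?php
// Added example, not Akelos code: a credential handler for the
// array('handler' => ..., 'method' => ...) format. Names are hypothetical.
class HashedCredentialStore
{
    private $digests;     // user name => password_hash() digest
    private $dummyDigest; // verified against when the user is unknown

    public function __construct(array $digests)
    {
        $this->digests = $digests;
        $this->dummyDigest = password_hash('placeholder', PASSWORD_DEFAULT);
    }

    // Same parameters as $User->authenticate(); returns true to grant access.
    public function ultraCheckCredentials($user_name, $password, $controller = null)
    {
        $known = is_string($user_name) && isset($this->digests[$user_name]);
        $digest = $known ? $this->digests[$user_name] : $this->dummyDigest;
        // Always run one verification so unknown users cost the same time.
        $matches = password_verify((string) $password, $digest);
        return $known && $matches;
    }
}

// Split a "Basic ..." Authorization value into array(user, password); null if malformed.
function parseBasicAuthorization($header)
{
    if (!preg_match('/^Basic\s+([A-Za-z0-9+\/=]+)$/i', trim($header), $m)) {
        return null;
    }
    $decoded = base64_decode($m[1], true);
    if ($decoded === false || strpos($decoded, ':') === false) {
        return null;
    }
    return explode(':', $decoded, 2); // the password may itself contain ':'
}

// Constructed sample data: one user and three constructed header values.
$store = new HashedCredentialStore(array('bermi' => password_hash('secret', PASSWORD_DEFAULT)));
$handler = array('handler' => $store, 'method' => 'ultraCheckCredentials');

foreach (array('bermi:secret', 'bermi:wrong', 'nobody:secret') as $pair) {
    $credentials = parseBasicAuthorization('Basic ' . base64_encode($pair));
    $granted = $credentials !== null
        && call_user_func(array($handler['handler'], $handler['method']), $credentials[0], $credentials[1]);
    echo $pair, ' => ', $granted ? 'granted' : 'denied', "\n";
}
```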