secure login system

 
frizzle




(Msg. 1) Posted: Thu May 04, 2006 3:41 am
Post subject: secure login system
Archived from groups: comp>lang>php

Hi group,

I need a login system for some 'private' pages.
Users should be pulled from a mysql DB.

Now, i've read a lot on login systems, and somehow there's _always_
the discussion with sessions (hijacking), dynamic IPs/Proxies.
One hand sessions on itself aren't secure (if in default tmp folder)
on the other hand, validating by IP would lock out a lot of users.

Now, what i wonder is, WHAT SHOULD I DO? I really don't know
where to start anymore because there are so much do's and dont's
on this ...

Frizzle.

Rafe Culpin




(Msg. 2) Posted: Thu May 04, 2006 12:32 pm
Post subject: Re: secure login system

In article ,
(frizzle) wrote:

> I need a login system for some 'private' pages.
> Users should be pulled from a mysql DB.

> Now, what i wonder is, WHAT SHOULD I DO? I really don't know
> where to start anymore because there are so much do's and dont's
> on this ...

First of all, google "SQL injection attack" and make certain that you
understand what this is and how to block it. This attack would not only
let anyone read all the passwords, it might (depending on your setup) let
them trash your database.

--
To reply email rafe, at the address cix co uk

frizzle




(Msg. 3) Posted: Thu May 04, 2006 2:15 pm
Post subject: Re: secure login system

Rafe Culpin wrote:
> In article ,
> (frizzle) wrote:
>
> > I need a login system for some 'private' pages.
> > Users should be pulled from a mysql DB.
>
> > Now, what i wonder is, WHAT SHOULD I DO? I really don't know
> > where to start anymore because there are so much do's and dont's
> > on this ...
>
> First of all, google "SQL injection attack" and make certain that you
> understand what this is and how to block it. This attack would not only
> let anyone read all the passwords, it might (depending on your setup) let
> them trash your database.
>
> --
> To reply email rafe, at the address cix co uk

AFAIK using mysql_real_escape_string deals with that in all cases
if i parse any input through that... Thanks for reminding though how
important that is!

What i mean, is *globally* what path to walk to get where i want, what
system/structure to use, because as i said, there are so much do's and
dont's.

E.g. should i use and sessions, ip validating, cookies (remember me) and
mysql table with logged users, or what?

Frizzle.
Chung Leong




(Msg. 4) Posted: Mon May 08, 2006 8:51 am
Post subject: Re: secure login system

Jerry Stuckle wrote:
> He indicates that all so-called "PHP Saints" think prepared statements are the
> way to go. My only response is that the most experienced PHP people think
> prepared statements are ONE way to go. Not necessarily the ONLY way.

I'm afraid the PHP Jihadis don't understand pluralism very well.
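An added example, not part of the original thread and not written by any of its posters: a login lookup that uses a prepared statement, the approach named in the quote in Msg. 4, as one way to block the SQL injection raised in Msg. 2. It assumes PHP 7.4+ with PDO's SQLite driver standing in for MySQL so it runs offline; the table, column names, account and inputs are constructed, and hashing with password_hash() is an assumption the thread does not discuss.

```php
<?php
// Added example: SQLite in memory stands in for the MySQL users table.
// With MySQL, use a mysql: DSN and set PDO::ATTR_EMULATE_PREPARES to false
// so the server itself binds the parameters.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT UNIQUE, pw_hash TEXT)');

// Constructed account; only a salted hash of the password is stored, so a
// leaked table does not directly reveal passwords.
$ins = $pdo->prepare('INSERT INTO users (name, pw_hash) VALUES (?, ?)');
$ins->execute(['frizzle', password_hash('correct horse', PASSWORD_DEFAULT)]);

/**
 * Returns the user id when name and password match, null otherwise.
 */
function check_login(PDO $pdo, string $name, string $password): ?int
{
    // The SQL text is fixed. $name travels as a bound parameter and is
    // never spliced into the query string, so quotes in it stay data.
    $stmt = $pdo->prepare('SELECT id, pw_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // For an unknown user, verify against a dummy hash so both paths do
    // comparable work before answering.
    static $dummy = null;
    $dummy ??= password_hash('dummy', PASSWORD_DEFAULT);
    $ok = password_verify($password, $row ? $row['pw_hash'] : $dummy);

    return ($row && $ok) ? (int) $row['id'] : null;
}

// Constructed inputs: a valid login, a wrong password, and a name that
// contains quote characters and SQL keywords.
$attempts = [
    ['frizzle', 'correct horse'],
    ['frizzle', 'wrong'],
    ["frizzle' OR '1'='1", 'x'],
];
foreach ($attempts as [$name, $password]) {
    $id = check_login($pdo, $name, $password);
    printf("%-22s => %s\n", $name, $id === null ? 'rejected' : "user id $id");
}
```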
All times are: Pacific Time (US & Canada)