Search found 24 matches

by scatty1985
Mon Dec 21, 2009 3:10 am
Forum: PHP - Security
Topic: My novice attempt at making a secure login...
Replies: 33
Views: 12078

Re: My novice attempt at making a secure login...

Not really just general observations/advice etc.

I could go through it again and try and convert any repetitive code into functions. That would reduce the amount of code :D
by scatty1985
Sun Dec 20, 2009 4:34 pm
Forum: PHP - Security
Topic: My novice attempt at making a secure login...
Replies: 33
Views: 12078

My novice attempt at making a secure login...

I've been working on a little project to build a secure login system with the objective of learning more about PHP and security. I thought I would put it on here to get some thoughts as to where I could improve and spot any holes in the security side of it. I must point out; I’m in no way, shape or ...
by scatty1985
Sun Dec 20, 2009 5:17 am
Forum: PHP - Security
Topic: Storing binary data in mysql blob
Replies: 1
Views: 1108

Storing binary data in mysql blob

Hi, I've been reading kaisellgren blog on hashing and am trying to store some random binary data from /dev/urandom into the db. I read that mysql_real_escape_string() can be used to insert the data but read that it will get mallformed into the database? How can I store the binary data so that it can...
by scatty1985
Sun Dec 20, 2009 3:40 am
Forum: PHP - Security
Topic: Transmitting passwords over the internet
Replies: 11
Views: 3479

Re: Transmitting passwords over the internet

Im not really looking at using SSL as it cost £££ :P but I am just playing about with different security concepts to try and learn some stuff! :D
by scatty1985
Sun Dec 20, 2009 2:40 am
Forum: PHP - Security
Topic: Transmitting passwords over the internet
Replies: 11
Views: 3479

Re: Transmitting passwords over the internet

How would I go about implementing asynchronous encryption with JavaScript? I have found this script but wouldnt I need something similar in php to decrypt the passwords on the server side?

Thanks
by scatty1985
Sat Dec 19, 2009 9:50 am
Forum: PHP - Security
Topic: session timeout
Replies: 8
Views: 3578

session timeout

Hi, I'm trying to use session timeout to log a user out if they have been inactive for a period of time. I've been using this idea to play about with sessions and challenge response authentication. I wanted to include a facility to time out a session after say 5 minutes. I tried adding the following...
by scatty1985
Fri Dec 18, 2009 5:32 pm
Forum: HTML, CSS and other UI Design Technologies
Topic: execute javascript onclick or onsubmit?
Replies: 1
Views: 1574

execute javascript onclick or onsubmit?

Hi, I'm learning PHP Javascript and HTML. I've been playing with a piece of code that will pass a password from a user to the $_POST global but some Javascript must first hash the password before the next page can sanitise and submit the data to a database. I have some code which does it using the o...
by scatty1985
Fri Dec 18, 2009 9:17 am
Forum: PHP - Security
Topic: Transmitting passwords over the internet
Replies: 11
Views: 3479

Re: Transmitting passwords over the internet

Ah ok I think I understand. Anyone could intercept the hashed passwrod as its transmitted and gain access.
by scatty1985
Fri Dec 18, 2009 9:08 am
Forum: PHP - Security
Topic: Transmitting passwords over the internet
Replies: 11
Views: 3479

Transmitting passwords over the internet

Hi, First of all I'm new to this site and am trying to teach myself PHP, Javascript and stuff like that so I'm pretty new to all of this! I have a quick question to ask. I'm playing about with security and wanted to know which was the most secure method of submitting data to a database, for example ...