How secure is this login script?

JayBird
Admin
Posts: 4524
Joined: Wed Aug 13, 2003 7:02 am
Location: York, UK

Post by JayBird »

I have built an intranet for a VERY large company, and they are querying how secure the site is because it contains some sensitive information.

I didn't write the login script myself, I am using phpSecurePages which can be found at http://www.phpsecurepages.com/.

Just wondering if anyone has had any experience with this script and knows how secure or not secure it is.

What possible holes are there?

Thanks

Mark
SantaGhost
Forum Commoner
Posts: 41
Joined: Mon Sep 15, 2003 11:54 am

Post by SantaGhost »

As far as PHP is concerned, user clients can't access the PHP files' source or database unless they have access to the filesystem (FTP). If the PC where the site is running can be exploited, there is a possibility of passwords etc. retrieval, but this is "always" a possibility.

Secondly, there are very good encryption systems for PHP, so it's at least pretty hard to crack a good secure machine. Normally it's impossible. Be sure to run Apache, the newest version of PHP and Linux/Unix with the newest updates to minimize security holes, but PHP is secure as long as you keep your database uname/pw private.
m3rajk
DevNet Resident
Posts: 1191
Joined: Mon Jun 02, 2003 3:37 pm

Post by m3rajk »

umm

is the intranet local to one building?

if not how do they go between buildings? vpn?

if the answer to the first is yes or the second is vpn, it's as secure as the vpn as long as you don't let the world see it
JAM
DevNet Resident
Posts: 2101
Joined: Fri Aug 08, 2003 6:53 pm
Location: Sweden

Post by JAM »

m3rajk wrote:
> umm
>
> is the intranet local to one building?
>
> if not how do they go between buildings? vpn?
>
> if the answer to the first is yes or the second is vpn, it's as secure as the vpn as long as you don't let the world see it

If I'm not mistaken, security and sensitive information don't really have to do with "the outside". An intranet at a very large company has no outside access whatsoever, so I guess the idea of security is whether someone on the inside might be able to view information they shouldn't.

Medical records, what different employees get paid, CEO's personal notes... Not something John Doe in the warehouse should be able to read on his break...

Sorry, Bech, but haven't used it, so I don't dare speak of it.