Page 1 of 1
Secure login
Posted: Tue Jan 14, 2003 4:01 am
by terji
How does one SAFELY secure the administration part with a username and password?
I have a site where usernames and passwords are stored in a MySql database and I'm looking for the "best" way to secure the pages that only the siteusers should have access to.
Posted: Tue Jan 14, 2003 4:30 am
by laserlight
"Best" would depend on your definition.
You could have one that used SSL and the like, or a simple cookie based one with no encryption or hashing.
Would also depend on whether you just intend to use it for some personal website or if security is really an issue.
The site a...
Posted: Tue Jan 14, 2003 6:57 am
by terji
The site I'm making is just a "educational" site for guitar freaks. I'm making a community which allows them to exchange tips and music sheets.
Therefor using SSL is a bit extreme, but to me personally the security of the community members profile data is a must!
I'm not specially happy with cookies, so that leaves me with the option to create a file that checks for logon and include it in every php file that is a part of the administration(how should this file be done?).
This seems to me to be a good idea, but if there are other solutions I would be glad to hear them.
Posted: Tue Jan 14, 2003 9:34 am
by Skywalker
when you are making an new account for some one make sure you encrypt it, because when somebody can enter the database he will have all the logins and passwords. so make sure you use MD5 to encrypt.
The password will be the same, but in the database it generates a strange string that is not the same as the password.
Look for more information on php.net/md5
Posted: Tue Jan 14, 2003 9:52 am
by Elmseeker
I would have to agree with walker, the md5 hash is pretty decent and seems to do a good job. I use md5 on my site and I believe these boards use it also...It's not as secure as SSL or something like that but for a basic security scheme it should do just fine.