Hi,
I am getting signup details on a page (Firstname, Lastname, Username, Password, etc.) and storing them in a database table, with username as the primary key. After that, I am getting social profile details and work profile details and storing them in tables, with username as the primary key in each table. Here I am using a SESSION VARIABLE on each page (social profile page and work profile page) to retrieve and store the username.
But my project leader is not accepting this kind of coding. He is saying that there is no data security, and the like... So could anyone suggest a secure way of coding to take data from my signup page to the social and work profile pages?
Suggest me a secure way of coding to take a value...
- feyd
Sessions are the most secure way to transfer information across pages as they aren't transmitted to the user, therefore cannot be manipulated (directly) by them. However they can be stolen. There's no absolute protection against this. Regenerating the session id on a regular basis helps alleviate fixation issues. Using a user id is generally better for the foreign keys as the user id isn't likely to change whereas the username may. The only other, fairly secure option is having them relogin on those pages thereby not requiring sessions at all. However this usually isn't the best user experience. Users will most likely complain about this form.
- maliskoleather
feyd wrote: However they can be stolen.
Just to add onto that, most of the time when they are stolen, it's on a shared server where the session is stored in a root folder. On top of the other measures listed above, saving session data in a non-public folder will pretty much tighten the session security so much that it's not too much of a concern.
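The measures from the replies above, combined in one place as an added example (not code from any poster in this thread): session files kept in a non-public folder, the session id regenerated at signup and then periodically, and a numeric user id carried in the session instead of the username. The directory path, the interval, the cookie flags, and the function and session key names are all assumptions made for illustration.

```php
<?php
// Added example. SESSION_DIR, REGEN_INTERVAL and all function/key names are hypothetical.
declare(strict_types=1);

const SESSION_DIR    = '/var/lib/myapp/sessions'; // assumed: outside the web root, readable only by the PHP user
const REGEN_INTERVAL = 300;                       // assumed: regenerate the id every 5 minutes

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1');  // refuse session ids the server did not issue
    ini_set('session.use_only_cookies', '1'); // never accept a session id from the URL
    session_save_path(SESSION_DIR);           // keep session files out of shared/public folders
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // cookie sent over HTTPS only
        'httponly' => true,   // cookie not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();

    // Periodic regeneration limits how long a fixed or stolen id stays valid.
    $now = time();
    if (!isset($_SESSION['regenerated_at'])) {
        $_SESSION['regenerated_at'] = $now;
    } elseif ($now - $_SESSION['regenerated_at'] > REGEN_INTERVAL) {
        session_regenerate_id(true); // true = delete the old session file
        $_SESSION['regenerated_at'] = $now;
    }
}

// Call on the signup page once the INSERT has succeeded.
function remember_new_user(int $userId): void
{
    session_regenerate_id(true);    // new id at the privilege change
    $_SESSION['user_id'] = $userId; // numeric id used as the foreign key, not the username
    $_SESSION['regenerated_at'] = time();
}

// Call at the top of the social and work profile pages.
function current_user_id(): int
{
    if (!isset($_SESSION['user_id']) || !is_int($_SESSION['user_id'])) {
        http_response_code(403);
        exit('Please sign up or log in first.');
    }
    return $_SESSION['user_id'];
}
```

Each profile page would call `start_secure_session()` first and then use the value from `current_user_id()` as the foreign key in a prepared statement, never a username taken from the request.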