Secure pages

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
gum1982
Forum Newbie
Posts: 24
Joined: Tue Dec 16, 2008 11:15 am

Secure pages

Post by gum1982 »

Hi

I've been asked to setup a website where users can setup their own account and have their own profile i need this to be a secure area.

Can someone pls give me some information on the best practises to do this.

Do i need to use a ssl certificate?

Any tutorial links would be good anything just somewhere to start.

Thanks
User avatar
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: Secure pages

Post by Christopher »

gum1982 wrote:I've been asked to setup a website where users can setup their own account and have their own profile i need this to be a secure area.

Can someone pls give me some information on the best practises to do this.
You can do this simply with HTTP Authentication where the webserver will password protect a directory. Or you can implement a login page for Authentication and have Access Control on the pages you want to be "secure."
gum1982 wrote:Do i need to use a ssl certificate?
Only if you want all information sent between the user and webserver to be encrypted. If by "secure" you only mean controlled access then you do not need SSL.
(#10850)
User avatar
Benjamin
Site Administrator
Posts: 6935
Joined: Sun May 19, 2002 10:24 pm

Re: Secure pages

Post by Benjamin »

Forum Rules wrote: 11. Please use proper, complete spelling when posting in the forums. AOL Speak, leet speak and other abbreviated wording can confuse those that are trying to help you (or those that you are trying to help). Please keep in mind that there are many people from many countries that use our forums to read, post and learn. They do not always speak English as well as some of us, nor do they know these aberrant abbreviations. Therefore, use as few abbreviations as possible, especially when using such simple words.
You may also want to read:
  1. General Posting Guidelines
  2. Posting Code in the Forums
  3. PHP Manual
  4. PHP Tutorials
User avatar
kaisellgren
DevNet Resident
Posts: 1675
Joined: Sat Jan 07, 2006 5:52 am
Location: Lahti, Finland.

Re: Secure pages

Post by kaisellgren »

HTTP Authentication is simple and easy, but if you want flexibility, you can build a login and a membership system with PHP. PHP comes with a build-in extension called Session. I think you already know this. Have you tried googling? http://lmgtfy.com/?q=php+login+script+session

The bad thing about PHP login scripts is that they are often vulnerable to different kinds of attacks. So, if you decide to take this route, don't hesitate to ask us to evaluate your finished script.
gum1982
Forum Newbie
Posts: 24
Joined: Tue Dec 16, 2008 11:15 am

Re: Secure pages

Post by gum1982 »

Ok thanks for the feedback guys i will be working on a script which hopefully you guys can look over.
Post Reply