Page 1 of 1

Secure pages

Posted: Sat Jul 18, 2009 6:38 pm
by gum1982
Hi

I've been asked to setup a website where users can setup their own account and have their own profile i need this to be a secure area.

Can someone pls give me some information on the best practises to do this.

Do i need to use a ssl certificate?

Any tutorial links would be good anything just somewhere to start.

Thanks

Re: Secure pages

Posted: Sat Jul 18, 2009 10:22 pm
by Christopher
gum1982 wrote:I've been asked to setup a website where users can setup their own account and have their own profile i need this to be a secure area.

Can someone pls give me some information on the best practises to do this.
You can do this simply with HTTP Authentication where the webserver will password protect a directory. Or you can implement a login page for Authentication and have Access Control on the pages you want to be "secure."
gum1982 wrote:Do i need to use a ssl certificate?
Only if you want all information sent between the user and webserver to be encrypted. If by "secure" you only mean controlled access then you do not need SSL.

Re: Secure pages

Posted: Sat Jul 18, 2009 11:28 pm
by Benjamin
Forum Rules wrote: 11. Please use proper, complete spelling when posting in the forums. AOL Speak, leet speak and other abbreviated wording can confuse those that are trying to help you (or those that you are trying to help). Please keep in mind that there are many people from many countries that use our forums to read, post and learn. They do not always speak English as well as some of us, nor do they know these aberrant abbreviations. Therefore, use as few abbreviations as possible, especially when using such simple words.
You may also want to read:
  1. General Posting Guidelines
  2. Posting Code in the Forums
  3. PHP Manual
  4. PHP Tutorials

Re: Secure pages

Posted: Sat Jul 25, 2009 1:01 am
by kaisellgren
HTTP Authentication is simple and easy, but if you want flexibility, you can build a login and a membership system with PHP. PHP comes with a build-in extension called Session. I think you already know this. Have you tried googling? http://lmgtfy.com/?q=php+login+script+session

The bad thing about PHP login scripts is that they are often vulnerable to different kinds of attacks. So, if you decide to take this route, don't hesitate to ask us to evaluate your finished script.

Re: Secure pages

Posted: Sun Jul 26, 2009 2:44 pm
by gum1982
Ok thanks for the feedback guys i will be working on a script which hopefully you guys can look over.