Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.
I've just been told that I have a security issue in the way I authorise users on my site, but I have no idea what the problem is or how I can fix it. Here is the code I am using for pages that require the user to be logged in:
I can set this cookie myself...
You are not validating the cookie data in any way, and if the data in the cookie is used for authentication, it should contain a temporary key and not the exact username or password, as a cookie is easy to steal. Better use sessions (in that case the cookie will hold only the session id, which is valid only while the session is valid... use the session_regenerate_id function to prevent the session fixation attack)
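The session-based approach suggested in the reply above, as an added example that is not code from the thread. The function names, the constructed user store and the `/login.php` path are assumptions, and the array form of `session_set_cookie_params` needs PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Constructed user store for this example; a real site would query its database.
function demo_users(): array
{
    return ['alice' => password_hash('constructed-password', PASSWORD_DEFAULT)];
}

function start_secure_session(): void
{
    ini_set('session.use_strict_mode', '1'); // reject session ids the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(string $username, string $password, array $users): bool
{
    $hash = $users[$username] ?? null;
    if ($hash === null || !password_verify($password, $hash)) {
        return false;
    }
    // New id at the privilege change: an id planted before login becomes useless.
    session_regenerate_id(true);
    $_SESSION['user'] = $username; // kept server-side, never sent to the browser
    return true;
}

function require_login(): string
{
    // Identity comes from server-side session data, not from a cookie value.
    if (empty($_SESSION['user'])) {
        header('Location: /login.php'); // hypothetical login page
        exit;
    }
    return $_SESSION['user'];
}

function logout(): void
{
    $_SESSION = [];
    session_destroy();
}
```

Each protected page would call `start_secure_session()` and then `require_login()` before producing any output.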
Darhazer wrote: I can set this cookie myself...
You are not validating the cookie data in any way, and if the data in the cookie is used for authentication, it should contain a temporary key and not the exact username or password, as a cookie is easy to steal. Better use sessions (in that case the cookie will hold only the session id, which is valid only while the session is valid... use the session_regenerate_id function to prevent the session fixation attack)
Thanks, I'll take a look at the session functions now.