Simple Login System

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
KBC
Forum Newbie
Posts: 6
Joined: Mon Aug 07, 2006 12:34 pm

Simple Login System

Post by KBC »

Hi, I'm currently developing a website and wish to implement it so that users have to "login" to obtain extra features on the website.

For an amateur PHP coder like myself, is it safe to implement this in PHP using sessions and MySQL to verify and to store the data, by this I mean storing username and passwords and profile information and using a series of forms. Would this be sufficient without getting into SSL and other security expenses?

Thanks for your help!
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

What determines the answer for your question is the content that will be in the database. If there is anything personally identifiable, potential financial or something that could result in your getting sued, use SSL. If it is just for testing, go for it.
KBC
Forum Newbie
Posts: 6
Joined: Mon Aug 07, 2006 12:34 pm

Post by KBC »

Everah wrote:What determines the answer for your question is the content that will be in the database. If there is anything personally identifiable, potential financial or something that could result in your getting sued, use SSL. If it is just for testing, go for it.
Hi Everah, it will be a personal web page. So like the forums here... will only store the details we needed to register on this forum. I gather this would be more than adequate for the job? =] Also, is it better using PHP built in session support or cookies??
User avatar
RobertGonzalez
Site Administrator
Posts: 14293
Joined: Tue Sep 09, 2003 6:04 pm
Location: Fremont, CA, USA

Post by RobertGonzalez »

Sessions are going to try to use cookies anyway, so you may as well use sessions. Plus it will be another learning process for you (so as to make you a gooder developer :wink: ).

PS I don't really speak like an idiot. Well, other than here I don't anyway.
KBC
Forum Newbie
Posts: 6
Joined: Mon Aug 07, 2006 12:34 pm

Post by KBC »

Everah wrote:Sessions are going to try to use cookies anyway, so you may as well use sessions. Plus it will be another learning process for you (so as to make you a gooder developer :wink: ).

PS I don't really speak like an idiot. Well, other than here I don't anyway.
Thank You! :D Will do. Thanks for your help, I will try and be a "gooder" developer. :D
Post Reply