About admin panel login functions and avoid injection

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

ligaci
Forum Newbie
Posts: 2
Joined: Tue Feb 12, 2008 3:12 am

About admin panel login functions and avoid injection

Post by ligaci »

Hi, this is my first message.

I just want to ask about control panel login security. In my system I use a different method, because there is only one admin and they need only one username and password. I select all data from the admin table in the database and I send them to an array. Then I compare the usernames and passwords; maybe array_search or another function can be used. If the username and password are true, log in, else go to the form.

I hope you will understand what I mean. I think this will avoid injection for systems that have few admins. I need your answers to be sure.

Thanks a lot
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: About admin panel login functions and avoid injection

Post by Christopher »

If you are saying that you do not use a database, but instead store the data in an array, then yes you will eliminate SQL injection. But you still may need to filter and escape the input.
(#10850)
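The approach discussed in this thread, as an added example that is not code from either poster: the admin rows are loaded with a constant query, the comparison happens in PHP, and the submitted value is escaped before it is echoed back. The in-memory SQLite table, the `admin` column names, the sample account, the function names and the use of `password_hash()` for stored passwords are all assumptions.

```php
<?php
// Constructed sample data: an in-memory SQLite table stands in for the real admin table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (username TEXT, password_hash TEXT)');
$seed = $pdo->prepare('INSERT INTO admin (username, password_hash) VALUES (?, ?)');
$seed->execute(['siteadmin', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

/**
 * Load every admin row with a constant query and compare in PHP,
 * so no submitted value ever becomes part of the SQL text.
 */
function checkAdminLogin(PDO $pdo, $username, $password): bool
{
    // Form fields can arrive as arrays (username[]=x); accept strings only.
    if (!is_string($username) || !is_string($password)) {
        return false;
    }
    $rows = $pdo->query('SELECT username, password_hash FROM admin')
                ->fetchAll(PDO::FETCH_ASSOC);
    $ok = false;
    foreach ($rows as $row) {
        // hash_equals() is a strict, timing-safe string comparison;
        // array_search() without its third argument compares loosely (==).
        $nameMatches = hash_equals($row['username'], $username);
        $passMatches = password_verify($password, $row['password_hash']);
        if ($nameMatches && $passMatches) {
            $ok = true;
        }
    }
    return $ok;
}

/** Escape the submitted username before echoing it back into the login form. */
function renderLoginForm(string $submittedUsername): string
{
    $safe = htmlspecialchars($submittedUsername, ENT_QUOTES, 'UTF-8');
    return '<input type="text" name="username" value="' . $safe . '">';
}

// Constructed inputs: a valid login, a quote-laden string, and an array-typed field.
var_dump(checkAdminLogin($pdo, 'siteadmin', 'constructed-sample-pw'));
var_dump(checkAdminLogin($pdo, "' OR '1'='1", "' OR '1'='1"));
var_dump(checkAdminLogin($pdo, ['siteadmin'], 'x'));
echo renderLoginForm('admin"><b>x</b>'), "\n";
```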