Secure PHP login script
Secure PHP login script
Hi
I am writing a registration and login class and am trying to make the login system as secure as possible. I've looked at a few articles and it would seem my current way of logging in users is open to attack. At present I simply create two session variables: Username and Password (MD5 encrypted). However, it would seem this can be hijacked and used by a hacker.
Does anyone have any idea of how to prevent this, or knows of a script which offers the best security possible? It seems a bit of a minefield so any advice would be much appreciated.
Cheers
Mat
Re: Secure PHP login script
Tell me situations that it can be hijacked by hackers?
- alex.barylski
- DevNet Evangelist
- Posts: 6267
- Joined: Tue Dec 21, 2004 5:00 pm
- Location: Winnipeg
Re: Secure PHP login script
I am afraid tight security cannot be accomplished through a single class.
It requires insight into the various systems at play. If someone hijacked your session it could have been done in any number of ways.
Re: Secure PHP login script
code > words
Post some.
- VirtuosiMedia
- Forum Contributor
- Posts: 133
- Joined: Thu Jun 12, 2008 6:16 pm
Re: Secure PHP login script
Attilus had an interesting method that I've started using...he describes it here
Re: Secure PHP login script
Bah. Overkill (and not actually needed at that)
- VirtuosiMedia
- Forum Contributor
- Posts: 133
- Joined: Thu Jun 12, 2008 6:16 pm
Re: Secure PHP login script
Mordred wrote: Bah. Overkill (and not actually needed at that)
Could you elaborate a little more? I'm curious.
Re: Secure PHP login script
Hockey wrote: I am afraid tight security cannot be accomplished through a single class.
That's an odd thing to say. Pushing all the security checks through a single well tested class is going to reduce the chance of something being missed.
Re: Secure PHP login script
Mordred wrote: Bah. Overkill (and not actually needed at that)
VirtuosiMedia wrote: Could you elaborate a little more? I'm curious.
No point in all that messing with database, session and cookies. Move the sessions to the database if you have issues with file-based sessions. As I reread the thread, it has already been pointed out in the last post on page 2.
Re: Secure PHP login script
Thanks for the feedback everyone
It would seem storing sessions in the database is the most secure way of doing things. I have yet to write any code for my login class but the advice given here has been great.