php user login security

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

Post Reply
nawhaley
Forum Commoner
Posts: 85
Joined: Wed May 18, 2005 11:43 am

php user login security

Post by nawhaley »

Hey does anyone know a good site to find to help me develop a login page using PhP and Javascript to hash the users password for security reasons. I just need something relatively simple to keep casual hackers out of my database system while allowing my users to access the application at the same time. I've tried using javascript to do an MD5 hash on the client side adding in a random challange variable to keep hackers from just sniffing the clear text or the hashed text and getting in all the time but I dont seem to be having any luck.

I can hash anything I want on the server end but when I try to do the javascript portion of the code its not recognizing the external js file I have that allows javascript to hash. So does anyone here know any sites I can go to get some ideas on how to resolve this?
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

Last edited by Roja on Fri Dec 30, 2005 7:39 pm, edited 1 time in total.
nawhaley
Forum Commoner
Posts: 85
Joined: Wed May 18, 2005 11:43 am

Post by nawhaley »

it says that topic dosen't exist anymore when I try to link to it.
Roja
Tutorials Group
Posts: 2692
Joined: Sun Jan 04, 2004 10:30 pm

Post by Roja »

nawhaley wrote:it says that topic dosen't exist anymore when I try to link to it.
Odd. Works for me.

Look in the "Tutorials section", for "Challenge/Response Login Process Tutorial". Thats what I am linking to.
malcolmboston
DevNet Resident
Posts: 1826
Joined: Tue Nov 18, 2003 1:09 pm
Location: Middlesbrough, UK

Post by malcolmboston »

doesnt work for me either

just search for it
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Its linked from my sig even - I checked, it certainly exists...
mickd
Forum Contributor
Posts: 397
Joined: Tue Jun 21, 2005 9:05 am
Location: Australia

Post by mickd »

Roja had a different url up there before, thats why it didnt work..
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Missed the edit ;) Any q's on the tutorial let me know...
Post Reply