Posts posted by JackN

  1. Many thanks, Jacques, for your clear answer :)

    I think I understand now: the point is that anyone could guess by brute-force testing.

    That's a privacy issue, like you said, but I imagine that once the attacker has built a list of real usernames (even fancy ones) by BF testing, he can then simulate a lot of logins and try all of them with basic passwords like "123". At least one of them should work. This could be a security issue in this case, no?

    So the conclusion would be: never tell people that their username is not available, but rather create a script like the one you provided in your example of prepared statements, where the system adapts the username (by incrementing if necessary) so that it is unique, without notifying the user.

  2. Ginerjm, thank you very much for trying to help me even though it seems like I bother you because I ask questions as if I was not willing to search on my own, which is, I agree, a horrible behavior for a community member. I really appreciate your patience.

    The first message of this thread is:

    When a new user signs up, they're assigned a user name (their first name and last name combined in a single string).

    Because there may be two or more people with the same name, how do I create a loop that will check my database to see if that username already exists, and if it does add a number on the end to make it different, then run another query to see if that one exists too. And keep doing this until a free one is found.

    And the first answer (the one I replied to) is:

    That is a very bad and insecure way to handle usernames. Don't do it.

    If I am right, no function nor any PHP code was mentioned in these two messages, but the member who answered already thought that this was insecure the way it was, though. I was therefore very curious to understand why he said that. I have a hard time seeing what I could search for in Google or in the docs to find such an answer. If there is something I am missing, please forgive me.

  3. I think that my words are wrongly written (English is not my 1st language) because I agree with Jacques and had no problem with what he said. Concerning this thread, I read it in whole and could not find any clear explanation (from my point of view -> I am a beginner with PHP) about why it would be insecure. Moreover, I read the doc almost every day, but I am not very smart, sorry.

  4. Try to enter "site:www.yourdomain.com" in Google; does your website appear? If yes, it is therefore indexed by the search engine. In this case you just need some backlinks so that it appears when someone types its name as a keyword search. If it does not appear, then yes, there is probably a problem in your code (in this case you should check your robot.txt file first).

    Please report to us what appears when you type "site:www.yourdomain.com" in Google (replace yourdomain with your domain, of course ^^).

  5. Hello everyone!

    My name is Nicolas and I am a Canadian PHP learner.

    I am also a web designer and a big fan of Linux as well as video games (geek!) :)

    I hope I will learn more about the amazing language that is PHP and that I will meet nice people (I have no doubt about this) ^^

    PS: I don't succeed in adding an avatar (error: profile_disabled)...
