Search the Community
Showing results for tags 'secure passwords'.
-
Hi guys, Had a few questions. First off, my gear. Using CS5.5 for development with server 2003 iis6.0. What I'm developing is pretty straight forward, and has the following features: 1) Secure form people use to register company info & user info. 2) Once logged in, users will be able to post/update/edit/delete information about funerals to a universal funeral info database. 3) There will be two types of user accounts. An admin that can see all funeral information from all funeral homes, and then funeral home accounts that will only be able to see their individual account data. That's it...so I had a few questions... 1) I've been able to create a registration form pretty easily, and it posts to my database no problem. Only one issue that I can see right now. The password column shows the actual password...no encryption. Is there an easy way to encrypt the passwords that won't harm a user's ability to access their individual account? 2) I'm using dreamweaver's user authentication to allow access to restricted areas within the web site. When a person log's in, it verify's their information by checking their username/pwd. Then it further restricts a persons ability to view everything by fetching an access level associated with each user. I was able to echo and print the access level variable, which correlates to the user's account number. I want to use this information in a dynamic page that lists all records (funerals) associated with that account number. I can do that easily enough, but is PHP secure enough to prevent someone from logging in with a username & password and simply changing the account number (aka access level), and then running amuck with the funeral listings? Is that what's called an SQL injection attack? 3) I suppose I could add some more security, but not sure if it would help? What if instead of not just searching the account number for their funeral information, it matched their account number AND the name of the company when it pulled in information from the universal database? I want to make sure this is secure since we're dealing with funeral homes. It would take a sick #$#@ to screw with someone's funeral information, but I'd rather be safe than sorry. Thanks for any advice folks