how to secure my websites properly


2 replies to this topic

#1 astricks

astricks
  • New Members
  • Newbie
  • 3 posts

Posted 25 May 2006 - 08:00 AM

I wanted to ask you how I should protect my scripts to prevent hacking of sessions and cookies - and no, I'm not talking about the actual insert queries that require addslashes and so on.

In my cookies I usually just include my password (encrypted) and my UserID, and check them with a simple MySQL query.
The sessions usually just approve that the user has logged in properly, and therefore have only one variable, named e.g. "has_logged_in".

Are there any common mistakes that I should look over?
Another thing is, how should I use the session.id in order to check for approved login?

Thanks, Ben.

#2 wisewood

wisewood
  • Members
  • Advanced Member
  • 226 posts
  • LocationRotherham, England

Posted 25 May 2006 - 11:11 AM

I always check the input username and password against md5 hashed username & password in the database.

If they match, set $_SESSION['username'] with the name the user input onto the form by using $_SESSION['username'] = $_POST['username'].

Then, I add the following to each page which requires protection.

// session_start() must already have been called on this page
if (empty($_SESSION['username'])) {
    // No login recorded in the session: refuse to show the page
    echo "You need to login to access this page";
} else {
    // Rest of the page content here
}

wisewood: proven fact, I am both wise, and wooden.

#3 astricks

astricks
  • New Members
  • Newbie
  • 3 posts

Posted 25 May 2006 - 11:36 AM

I do the same things. I wanted to know if there are any other security holes that may appear (maybe there is some way to create sessions, dunno), and if there are, I should start using session IDs in order to verify the user's connection.
About cookies, well it's actually the same because I only create the cookie and do the verification once (and then I just continue using sessions).
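
The points raised in this thread (checking a login with the session, whether someone else can create a session, and what to keep in the cookie), as an added example that is not code from any poster: it regenerates the session ID at login, keeps only a random token in the remember-me cookie instead of the password, and uses password_hash()/password_verify() in place of the md5 comparison mentioned above. The function names, the sample user row and the use of HTTPS are assumptions.

```php
<?php
// Added example: all function names and the sample user row are hypothetical.

// Strict mode makes PHP reject session IDs the server did not issue itself.
function start_secure_session(): void {
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/', 'samesite' => 'Lax',
        'secure' => true,    // assumes the site is served over HTTPS
        'httponly' => true,  // cookie is not readable from JavaScript
    ]);
    session_start();
}

// $user is the row fetched for the submitted username; its hash came from password_hash().
function login(array $user, string $password): bool {
    if (!password_verify($password, $user['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);        // fresh ID at login, so a pre-set ID is useless
    $_SESSION['user_id'] = $user['id']; // store the database ID, not raw form input
    return true;
}

// Remember-me: a random token goes in the cookie, only its SHA-256 goes in the database.
function issue_remember_token(): array {
    $token = bin2hex(random_bytes(32));
    return ['cookie' => $token, 'db_hash' => hash('sha256', $token)];
}

function remember_token_valid(string $cookieToken, string $dbHash): bool {
    return hash_equals($dbHash, hash('sha256', $cookieToken)); // constant-time compare
}

// Gate for protected pages: stop instead of continuing with an empty session.
function require_login(): void {
    if (empty($_SESSION['user_id'])) {
        http_response_code(403);
        exit('You need to login to access this page');
    }
}

// Constructed sample data standing in for a database row and a login form.
start_secure_session();
$user = ['id' => 42, 'password_hash' => password_hash('correct horse', PASSWORD_DEFAULT)];
$results = [login($user, 'wrong guess'), login($user, 'correct horse')];
$t = issue_remember_token();
$results[] = remember_token_valid($t['cookie'], $t['db_hash']);
var_dump($results);
```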



