[SOLVED] Cookies ok for passwords?

[MichaelMackey]

Hi, I'm working on a system that has already been setup.  Security isn't a massive issue (not money/etc involved), but it would still be nice to get the best security I can with what's available.  The passwords are not setup as passwords in the database so I'm dealing with them as basic strings. 

 

Are cookies an ok way for a moderate security site to pass passwords between pages?  Is there another option that won't require me changing a great deal of what was already setup?  I am new to php so I'm not too aware of all the functionality it + javascript may have.

[paulman888888]

try this site

http://www.tizag.com/phpT/phpsessions.php

it uses sessions which are simply to cookies but safer

[MadTechie]

Cookies are insecure, sessions would be better,

also you should MD5 the passwords, you may not think its important but manu users use the same password and if a hacker get their password from your site.. you could get in trouble..

 

if you added an extra field in the users database table called "accesslevel" or something like that.. if its set to 1 then that top level and 5 could be normal user.. when they login it could store the accesslevel in a session and user that to check rights..

 

if you use cookies anyone could edit their cookie to be an admin.. (or change the userid to be you)

 

hope that helps

[MichaelMackey]

Ok thanks, I think I'll look into that MD5 as well, I noticed one of the previous coders of this used it when I was trying to learn the code.