your.syndrome, Posted November 25, 2008

I've been following a tutorial found at a tutorial on NETTUTS about user/membership areas. I understand how all this works but was wondering if anyone can go into detail about the flaws in the security of it and what you could do to remedy them? P.S. I'm new here! So if this kind of topic has been discussed, could someone point me in the right direction?

dezkit, Posted November 25, 2008

It's pretty secure, but the HTML is terrible.

bluesoul, Posted November 25, 2008

Yeah, the form could be a little better, but the functionality's pretty standard; md5 is far and away the most common form of password encryption on PHP-powered sites.

dezkit, Posted November 25, 2008

Oh and by the way: http://md5decryption.com/

Some hackers already found out a way to decrypt md5, they must be 100% cool and have a totally amazing life.

bluesoul, Posted November 25, 2008

Not quite, from the site: "How many MD5 hashes are in our database? We have encrypted more than 150,000 words, phrases, acronyms, etc since 2006."

It's nothing more than a dictionary search. MD5 is somewhat vulnerable to hash collisions especially with a database of that size. I believe there's still a distributed computing effort going on to outright crack MD5.

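The dictionary search described in the post above, next to a salted alternative, as an added example that is not part of the original thread or the NETTUTS tutorial. It assumes PHP 7 or later with the built-in `password_hash()`/`password_verify()`; the function names, user names, passwords and word list are hypothetical, constructed sample data.

```php
<?php
// Added example, not code from the tutorial discussed in this thread.
// All passwords and the word list below are constructed sample data.

// Stand-in for a lookup site's table: md5(word) => word, built once, reused forever.
function build_lookup(array $words): array {
    $table = [];
    foreach ($words as $w) {
        $table[md5($w)] = $w;
    }
    return $table;
}

// Unsalted MD5: the same password always produces the same stored value.
function store_md5(string $password): string {
    return md5($password);
}

// Salted, deliberately slow hash; the salt and cost are encoded in the output.
function store_hardened(string $password): string {
    return password_hash($password, PASSWORD_DEFAULT);
}

function check_hardened(string $password, string $stored): bool {
    return password_verify($password, $stored);
}

$lookup = build_lookup(['password', 'letmein', 'dragon', 'sunshine']);

$users = ['alice' => 'sunshine', 'bob' => 'sunshine', 'carol' => 'T7#qv!x2Lm-Rz'];

foreach ($users as $name => $pw) {
    $weak = store_md5($pw);
    $strong = store_hardened($pw);
    $found = $lookup[$weak] ?? null;          // one array lookup, no cracking involved
    $foundStrong = $lookup[$strong] ?? null;  // per-user salt: precomputed table never matches
    printf("%-5s md5=%s lookup=%s | hardened lookup=%s verify=%s\n",
        $name, $weak, $found ?? '(miss)', $foundStrong ?? '(miss)',
        check_hardened($pw, $strong) ? 'ok' : 'fail');
}
```

Two users with the same dictionary password get identical MD5 values and both resolve through the table, while the salted hashes differ per user and only `password_verify()` can confirm them.
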
your.syndrome (Author), Posted November 25, 2008

First, thanks for your replies. Hackers 'ey? I'm starting to build a community site with user login and unique profiles for each user. If I use this code to base my authentication on, am I going to be making a mistake? Would you suggest using any other script?

mtoynbee, Posted November 25, 2008

Just shows that you still need a strong password containing numbers and symbols to reduce the chance of someone getting your password. You can't rely solely on encryption.

bluesoul, Posted November 25, 2008

As long as you understand what's going on with the code, I don't see anything obviously bad about it. There's only so many ways to make a login script.

tomfmason, Posted November 25, 2008

To be honest, I think that code is a mess. I am seriously considering writing a good role-based user authentication tutorial. I may even add some BDD to make it interesting.

your.syndrome (Author), Posted November 25, 2008

Quoting bluesoul: "As long as you understand what's going on with the code, I don't see anything obviously bad about it. There's only so many ways to make a login script."

Right okay, looks like I'll be going with this then. Thanks for the advice! When I get hacked I know who to come shout at, jokes!