ctype_alnum is about registering. But min and max are a start.

 

1) Username min 3 char, max 12

2) Password min 6, max 15

 

I have to make a hash from that password. What is the most secure hash? What kind of data should I keep in the cookie, because it's on the client side? Should I save the IP on every login? Like if a user types the password wrong 5 times, then do something.

No sir, you need to check char type on all forms where applicable to keep the form from being a point of attack, not just at one point.

  Quote

ctype_alnum is about registering. But min and max are a start.

 

1) Username min 3 char, max 12

2) Password min 6, max 15

 

I have to make a hash from that password. What is the most secure hash? What kind of data should I keep in the cookie, because it's on the client side? Should I save the IP on every login? Like if a user types the password wrong 5 times, then do something.

  Quote

Cookies are not as secure as sessions. Cookies should really only be used in correlation with session variables.

I found out the hard way that sessions still require a cookie, so a session-based sign-in will not work with cookies turned off. The idea that they are fully server side is a misconception, and using $_GET or $_POST to pass the variable is not secure and an invite for hacks. I use sessions in all my sign-ins without setting extra cookies, only the one set by the session. I use char limits and requirements and life is good. A chat site I regular got hacked the other day and threats were made against my chatroom, but I'm still up and running even after my logs showed an attempt to run a script on my site.
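The checks discussed in this thread, put together as an added example (not code from any poster): the thread's length limits and ctype_alnum applied on both the register and login forms, password_hash()/password_verify() for storage, a five-failure counter, and a session whose cookie carries only the session ID. The function names, the in-memory $users array and the cookie flags are assumptions for illustration; a real site would keep the records in a database and serve the login over HTTPS.

```php
<?php
const MAX_FAILS = 5; // threshold from the thread: five wrong passwords

// Limits from the thread: username 3-12 alphanumeric characters, password 6-15.
function valid_username(string $u): bool {
    return strlen($u) >= 3 && strlen($u) <= 12 && ctype_alnum($u);
}
function valid_password(string $p): bool {
    return strlen($p) >= 6 && strlen($p) <= 15;
}

// Store only the salted hash produced by password_hash(), never the password.
function register(array &$users, string $u, string $p): bool {
    if (!valid_username($u) || !valid_password($p) || isset($users[$u])) {
        return false;
    }
    $users[$u] = ['hash' => password_hash($p, PASSWORD_DEFAULT), 'fails' => 0];
    return true;
}

// Re-validate on the login form too, then verify the hash and count failures.
function login(array &$users, string $u, string $p): bool {
    if (!valid_username($u) || !valid_password($p) || !isset($users[$u])) {
        return false;
    }
    if ($users[$u]['fails'] >= MAX_FAILS) {
        return false; // locked in this example until the counter is reset
    }
    if (!password_verify($p, $users[$u]['hash'])) {
        $users[$u]['fails']++;
        return false;
    }
    $users[$u]['fails'] = 0;
    return true;
}

// Web context only: the cookie carries just the session ID, identity stays server-side.
function open_session(string $user): void {
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
    session_start();
    session_regenerate_id(true); // fresh ID after login blocks session fixation
    $_SESSION['user'] = $user;
}

if (PHP_SAPI === 'cli') { // offline demo with a constructed in-memory user store
    $users = [];
    var_dump(register($users, 'alice1', 'correct-horse'));
    for ($i = 0; $i < MAX_FAILS; $i++) { login($users, 'alice1', 'wrong-guess'); }
    var_dump(login($users, 'alice1', 'correct-horse'));
}
```

Run from the command line, the last call shows that the correct password is refused once the failure counter has reached the limit.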
