Jump to content

is $_SESSION SAFEST way?

Gayner

By Gayner
in PHP Coding Help

 Share

Recommended Posts

mrMarcus Member

mrMarcus

Posted
Posted
but no1 needs protection unless u gonna be having a huge site that is very needy on money like gaia online or what not

couldn't be further from the truth.  security should always be a number one priority.  for example, if you are storing users email addresses and passwords to login to your site, you might think that since you are not even on the radar in the terms of high-profile websites, but how many use the same email and password to register for a joe-blow site as they do to login to their actual email account.  i bet the number is quite high.

 

so, if buddy hacker gets into your site (and quite easily since security is not a concern for you), he now has a database full of email addresses and passwords (and while they may be hashed, he's also got ways of brute-forcing those).

 

always take security seriously, no matter whether you're a "huge site" or not.

Link to comment
Share on other sites
Gayner Advanced Member

Gayner

Posted
  • Author
Posted

but no1 needs protection unless u gonna be having a huge site that is very needy on money like gaia online or what not

 

Remind me not to sign up on any web site you created.

 

You wouldn't anyway, and with that attitudei wouldn't want u, lol

 

 

In any event i could tell u i used allprotection and u woulda've signed up I coulda tell u anything.

 

How do u know .

Link to comment
Share on other sites
Irresistable Member

Irresistable

Posted
Posted

Gayner.. you have some cheek on you.

I understand how you think thaty if you using money in the buisness to have security.

 

Though if you had a login, which tracked IP, location, etc.. upon registration, would you like hackers to find out that information and find you? I would think not. Not only is security about protecting the website, its about protecting yourself.

 

If you wanted to use Session to create a very secure login, use IP detectors, so that if your IP isn't the same as the one on registration, then do not login.

 

Though in terms of general security, it depends how it is used, as to whether it can be hacked into.

Link to comment
Share on other sites
Gayner Advanced Member

Gayner

Posted
  • Author
Posted

Gayner.. you have some cheek on you.

I understand how you think thaty if you using money in the buisness to have security.

 

Though if you had a login, which tracked IP, location, etc.. upon registration, would you like hackers to find out that information and find you? I would think not. Not only is security about protecting the website, its about protecting yourself.

 

If you wanted to use Session to create a very secure login, use IP detectors, so that if your IP isn't the same as the one on registration, then do not login.

 

Though in terms of general security, it depends how it is used, as to whether it can be hacked into.

 

it's just a simple login registration form to let users have a big ego if there account is created , username and md5 with sha hash and a text for users to describe about them selves, lol nothing fancy

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.