Jump to content

OOPHP security

RopeADope

By RopeADope
in Application Design

 Share

Recommended Posts

RopeADope Member

RopeADope

Posted
Posted

So I'm still fairly new to PHP.  Been working with it for several years but most of my projects are/were simple websites.  I've started to dabble in OOPHP and I've got a question related to security.  I know the old way(well its old to me anyway  :P) is to use session variables.

 

1st Q: Would it be a good practice to put several session variables into a "security token" object?  Advantages/disadvantages?

 

2nd Q: If it is a good idea to created said security token, would it provide an extra measure of security to check the session variables against a cookie?(e.g. would this provide a check and balance type security measure? {check cookie, if !security_token[0][1][etc] in cookie, destroy session, set cookie null})

 

Any advice would be much appreciated  :D

Link to comment
https://forums.phpfreaks.com/topic/204737-oophp-security/
Share on other sites
RopeADope Member

RopeADope

Posted
  • Author
Posted

1. Can't see any advantages or disadvantages.... I can't see the point really. $_SESSION is pseudo global variable anyway.

2. If you're worried about cookie tampering, just don't use cookies (for anything else but session id that is)

 

So pretty much just stick with the traditional method of security?(session variables?)  If there's a more secure alternative, I'd appreciate a link.  I've only ever learned security via sessions and/or cookies.

Link to comment
https://forums.phpfreaks.com/topic/204737-oophp-security/#findComment-1071901
Share on other sites
RopeADope Member

RopeADope

Posted
  • Author
Posted

Ok. Perhaps you should explain what you mean by 'security', because I feel we're missing something here.

 

Ah, I apologize, perhaps I was unclear.  I guess in a nutshell: Is there a better way to protect pages that are supposed to be viewable only upon login than checking for session variables?

 

My initial question about the security token was just my brain wondering if you could take a bunch of session variables and wrap them up into a package.  I think we've digressed from that however  ;)

Link to comment
https://forums.phpfreaks.com/topic/204737-oophp-security/#findComment-1071993
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.