littlegiant Posted October 31, 2006 Share Posted October 31, 2006 Hi, a few of my friends and I wanted to create a php/mysql based forums for a site.Our problem is security. Is there any good or recommended combination of ways ( sessions, user agent, ip ) to make sure that the user is who we think they are ?Thanks in advance. Link to comment https://forums.phpfreaks.com/topic/25670-creating-forums-need-security-help/ Share on other sites More sharing options...
heckenschutze Posted October 31, 2006 Share Posted October 31, 2006 Why bother auth'ing the user with several methods, Sessions are fine + a combination of cookies couldnt hurt.Just remember, that the User might be logged in more than once, at the same time... (eg on different PCs ect...) Link to comment https://forums.phpfreaks.com/topic/25670-creating-forums-need-security-help/#findComment-117162 Share on other sites More sharing options...
448191 Posted October 31, 2006 Share Posted October 31, 2006 [url=http://www.sitepoint.com/print/php-security-blunders]Pretty solid article at Sitepoint on security[/url]^ The session security chapter will be of perticular interest to you.If you want to use additional info to id a client, you have to be VERY careful what info to use and when (for example, you can't use a client's ip if it's not static). It's usefulness is very limited (once a hacker learns the info it is easily spoofed), properly implementing using additional info might be more trouble then it's worth. Link to comment https://forums.phpfreaks.com/topic/25670-creating-forums-need-security-help/#findComment-117168 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.