Basic (Very) User Admin System

[tozjerimiah]

Hello.

 

I designed a system a bit back and kinda cobbled it together. I was wondering if anyone could tell me of any security implications with the following setup:

• Usernames & passwords are stored on disk as a php array.
  
• A user enters their username and password into a form.
  
• On submit, the page include()s the username file & the checks to see if their username exists is the array.
  
• If it does, it checks that the password matches.
  
• If it does, a session variable key is assigned (username), with the username as the variable.
  
• As the user navigates the site, the session variables are maintained (session_start()), ensuring that a valid user is logged in.
  

Is the above system relatively secure? Yes, it would be better over ssl and yes it would be vulnerable if a user managed to get read access to the files in the directory in which the usernames.php file is stored but it's on a hosting service which I believe to be secure and the uploader system ensures that uploads are stored in a separate directory with valid file extensions (.jpg etc).

 

Thanks in advance for any advice.

 

Toz

[Christian F.]

I'm concerned about where the password file is stored, and if it can be reached via the web server. Alternatively, if other users on the server have read access to it.

 

Secondly, it doesn't look like you're hashing the passwords in any way, which makes them extremely vulnerable if attackers does get access to the file.

 

I would like to recommend that you read this article about secure login systems, as it will help you understand a lot more about the basic security concerns.

[CodeBarbarian]

Christian F, has given you advice about the most important issues regarding your system.

 

But could you tell us why you are storing the username's and the password's in a file instead of a database?

 

Out of pure curiosity, how do you secure the file against possible malicious attacks?

[txmedic03]

You are taking a poop behind a glass wall and hoping no one will see you. That dog just won't hunt. Much like your glass wall, a flat file format with no encryption gives you very little privacy or security. The best option would be to use a database and some sort of one way encryption algorithm to store the password. You could get the password from your user, apply the same one way encryption algorithm and compare that to see if the password is correct. Now if you are dead set that you don't want to use a database then I suggest http_auth as a possible solution. It would be better than your current solution and done without a database. If that won't do then at least encrypt the passwords and restrict access to the file that stores the passwords to only be accessible from 127.0.0.1 (the loopback interface on the server). That would be at least a slight increase in security. I assume you are running an apache server (it is a pretty popular option) and in the .conf (configuration files) you can find a reference to .ht files these are .htaccess and .htpasswd just off the top of my head and apache makes effort to keep those files from just being casually read by the public at large. You could look to your server configuration for inspiration for securing your information, but by no means is that a solution to your problem. My first answer is the easiest to implement and most likely the best option you'll find for shared level hosting. The other options I mentioned are far less secure and only there as a last resort to show you some other possibilities, but by no means am I suggesting you go that route. I strongly urge you to look into the database option.