tozjerimiah
Posted October 30, 2012

Hello.

I designed a system a bit back and kinda cobbled it together. I was wondering if anyone could tell me of any security implications with the following setup:

Usernames & passwords are stored on disk as a PHP array.

A user enters their username and password into a form. On submit, the page include()s the username file & then checks to see if their username exists in the array. If it does, it checks that the password matches. If it does, a session variable key is assigned (username), with the username as the variable.

As the user navigates the site, the session variables are maintained (session_start()), ensuring that a valid user is logged in.

Is the above system relatively secure? Yes, it would be better over SSL, and yes, it would be vulnerable if a user managed to get read access to the files in the directory in which the usernames.php file is stored, but it's on a hosting service which I believe to be secure, and the uploader system ensures that uploads are stored in a separate directory with valid file extensions (.jpg etc).

Thanks in advance for any advice.

Toz
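The login flow described in the post, as an added example that is not the poster's code. It assumes the array holds `password_hash()` output rather than the passwords themselves, and the function names and sample accounts are hypothetical.

```php
<?php
// Constructed sample data. In the setup described above this array would come
// from include 'usernames.php'; it is built inline so the script runs alone.
// Values are password_hash() output, so read access to the file does not
// directly expose the passwords.
$users = [
    'alice' => password_hash('correct horse', PASSWORD_DEFAULT),
    'bob'   => password_hash('battery staple', PASSWORD_DEFAULT),
];

// Verified against when the username is unknown, so both failure paths
// do a comparable amount of work.
$dummyHash = password_hash('placeholder', PASSWORD_DEFAULT);

function check_login(array $users, string $dummyHash, string $username, string $password): bool
{
    // Plain key lookup: user input never becomes a file path or code.
    $known = array_key_exists($username, $users);
    $hash  = $known ? $users[$username] : $dummyHash;
    $match = password_verify($password, $hash);
    return $known && $match;
}

function start_user_session(string $username): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    // Issue a new session ID at login so an ID set before login is not reused.
    session_regenerate_id(true);
    $_SESSION['username'] = $username;
}

// Constructed login attempts standing in for form submissions.
$attempts = [['alice', 'correct horse'], ['alice', 'wrong'], ['mallory', 'x']];
$report = [];
foreach ($attempts as [$name, $pass]) {
    $ok = check_login($users, $dummyHash, $name, $pass);
    if ($ok) {
        start_user_session($name);
    }
    $report[] = $name . ': ' . ($ok ? 'accepted' : 'rejected');
}
echo implode(PHP_EOL, $report), PHP_EOL;
```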