Security Issue

mmarif4u · May 30, 2007

Hi guys,

I have some q's about secuirty issue with php and mysql.

I have 4 pages where a user comes from 1st page and go through next pages.

i use GET for passing data to other pages and encrypt it using base64_encoding. and then decrypt in the

next page for use.{Is this secure.}

I also use sessions for a valid user, if the user is not coming from 1st page error msg is displayed.

In session in 1st page i save a md5 random key using (1 to 10).Then passing to next pages{Is this secure.}.

For saving data into db i use mysql_real_escape_string for user input to filter then save to db {Is this secure.}

Bcoz i want to make my pages,and input from users more secure from maleciuos users.

Any other idea will be greatly appreciated...

Waiting for a good response on this security issue.

Thanks.

The Little Guy · May 30, 2007

Storing personal information in a session isn't secure, such as: passwords, Credit Card Numbers, etc.

Instead of using GET, use POST, it is more secure than get since information MUST be passed through a form, and will not display in the URL.

mmarif4u · May 30, 2007

Thanks for reply.

1st of all there is no such passwords or credit card number to store, i am just storing user input in GET and

a valid key in session, for next pages.

what are comments about this:

In session in 1st page i save a md5 random key using (1 to 10).Then passing to next pages{Is this secure.}.

For saving data into db i use mysql_real_escape_string for user input to filter then save to db {Is this secure.}

Recommended Posts