Login with some security


4 replies to this topic

#1 Darkness Soul

  • Members
  • Advanced Member
  • 133 posts
  • Location: Brazil; São Paulo.

Posted 27 March 2006 - 01:02 PM

Hi,

I've been reading some references about MySQL, but without luck.

I've been developing a login system. The login is a form that calls a page "action.php", where the validation is executed.

The system works well, but I'd like to know about the security. My select looks like this:

$sql = ' SELECT * FROM tbUsers WHERE login="'. $login .'" AND pass="'. $pass .'" ';
Is this the most secure way to build a login system? Please, if it's insecure, I'd like some help.

Thanks folks,

Soul
(If something is wrong, please tell me. I'm learning this language. Thank you)

#2 fenway

  • Staff Alumni
  • MySQL Si-Fu / PHP Resident Alien
  • 16,199 posts
  • Location: Toronto, ON

Posted 27 March 2006 - 02:20 PM

I'm not sure what you mean by security -- I'd be more concerned about how you're sending the passcode itself.
Seriously... if people don't start reading this before posting, I'm going to consider not answering at all.

#3 Darkness Soul


Posted 27 March 2006 - 04:34 PM

QUOTE (fenway @ Mar 27 2006, 11:20 AM):
"I'm not sure what you mean by security -- I'd be more concerned about how you're sending the passcode itself."

Someone told me that my SQL isn't secure, that someone can use it as a vulnerability...

#4 fenway


Posted 27 March 2006 - 05:21 PM

Well, provided you protect against injection attacks, your queries/scripts are only as secure as your connection itself.

#5 shoz

  • Staff Alumni
  • Advanced Member
  • 600 posts

Posted 27 March 2006 - 07:19 PM

Read through this security guide (http://phpsec.org/projects/guide/), in particular the SQL INJECTION topic, and look at the PHP function mysql_real_escape_string (http://www.php.net/mysql_real_escape_string).
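
Added example, not code from any poster in this thread: the login check from post #1 rewritten with a PDO prepared statement, so $login is bound as data instead of being concatenated into the SQL text. It uses PDO rather than mysql_real_escape_string because the mysql_* extension was removed in PHP 7.0; the in-memory SQLite database, the sample account, the function names, and the assumption that pass stores a password_hash() value are all constructed for the demo.

```php
<?php
declare(strict_types=1);

// Constructed demo database: in-memory SQLite stands in for MySQL so the
// script runs offline. Table and column names follow post #1.
function demoDb(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE tbUsers (login TEXT PRIMARY KEY, pass TEXT NOT NULL)');
    $ins = $pdo->prepare('INSERT INTO tbUsers (login, pass) VALUES (:login, :pass)');
    // Assumption: pass stores a password_hash() value, not the plain password.
    $ins->execute([
        ':login' => 'soul',
        ':pass'  => password_hash('s3cret-demo', PASSWORD_DEFAULT),
    ]);
    return $pdo;
}

function checkLogin(PDO $pdo, string $login, string $pass): bool
{
    // The SQL text is fixed. $login is sent as a bound value, so a quote
    // inside it cannot close the string literal the way it would in the
    // concatenated query from post #1.
    $stmt = $pdo->prepare('SELECT pass FROM tbUsers WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn(); // false when no row matches
    if ($hash === false) {
        return false;
    }
    return password_verify($pass, (string) $hash);
}

$pdo = demoDb();
// Constructed inputs: one valid login, one wrong password, and two logins
// containing quote characters, which are simply looked up as literal names.
$cases = [
    ['soul', 's3cret-demo'],
    ['soul', 'wrong'],
    ['so"ul', 'x'],
    ["so'ul", 'x'],
];
foreach ($cases as [$login, $pass]) {
    printf("%-8s %-12s => %s\n", $login, $pass, checkLogin($pdo, $login, $pass) ? 'accepted' : 'rejected');
}
```

With MySQL only the DSN passed to new PDO changes; checkLogin() stays the same.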