jesushax Posted March 4, 2008

Hi, to keep my UserID safe for users: when logged in as a user, the userid comes from the sessionID, but when logged in as admin to edit the user, the user's id gets passed through a querystring. Is there another way to do this, or is md5'ing an id a good idea?

Cheers
shocker-z Posted March 4, 2008

I suppose if you have a site that has to be super secure then yes, md5 would stop injections as it would always return alphanumeric characters. I generally hold userid from the username entered and verify by selecting password from table where username = 'xxx' and then check the md5 pass in database against the one sent. Therefore it's securely checked, and sessionid will only be stored after user and pass match anyway, therefore there will be no injection attacks further down the line, as username is in a session and already validated.

Just my 2 pence.

Regards,
Liam
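An added example, not from either poster: the id can stay in the query string if the server decides from the session who may use it, accepts only an integer, and binds it as a query parameter. Python with sqlite3 stands in for the site's own stack; the table, column and function names and the sample rows are assumptions constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; schema is an assumption, not the poster's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, is_admin INTEGER)")
    db.executemany("INSERT INTO users VALUES (?, ?, ?)",
                   [(1, "root", 1), (2, "alice", 0), (3, "bob", 0)])
    return db

def parse_user_id(raw):
    """Accept only a plain positive decimal integer from the query string."""
    if not isinstance(raw, str) or not raw.isascii() or not raw.isdigit() or len(raw) > 9:
        return None
    value = int(raw)
    return value if value > 0 else None

def resolve_target_user(db, session, query):
    """Return (id, username) of the user this request may edit.

    session: server-side session data holding the authenticated user's id.
    query:   untrusted query-string parameters.
    """
    actor_id = session.get("user_id")
    if actor_id is None:
        raise PermissionError("not logged in")
    actor = db.execute("SELECT is_admin FROM users WHERE id = ?", (actor_id,)).fetchone()
    if actor is None:
        raise PermissionError("unknown session user")
    target_id = actor_id                      # default: users edit themselves
    if "id" in query:
        if not actor[0]:                      # role comes from the database, not the URL
            raise PermissionError("only admins may pick another user")
        target_id = parse_user_id(query["id"])
        if target_id is None:
            raise ValueError("id must be a positive integer")
    # Bound parameter: the id is never concatenated into the SQL text.
    found = db.execute("SELECT id, username FROM users WHERE id = ?", (target_id,)).fetchone()
    if found is None:
        raise ValueError("no such user")
    return found
```
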