Jump to content


Photo

Writing paranoia secure login class with option


  • Please log in to reply
3 replies to this topic

#1 redgorilla

redgorilla
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 10 May 2006 - 06:13 PM

Hello. I have some experience in php and have just started writing of my own first medium sized script. I have used some ready classes but decided to make my own secure class and improve it later. So the most important part is security issue. I decided to make paranoiac class that will store unique created id in sessions, cookies and database both with user ip. So i think it will protect from stealing session and cookies. Is it paranoia or it will work?

#2 Buyocat

Buyocat
  • Members
  • PipPipPip
  • Advanced Member
  • 267 posts

Posted 10 May 2006 - 08:29 PM

Red, could you be more clear? Do you mean that you want to store in a user session everyone's information? More likely, you mean you want to store everyone's information in a database and store a user's specific information in a session/cookie. But out of curiousity why do you want it to be "so secure"? I don't think adding more to a session will make things any more secure, and some things, such as IP address, will just make more trouble for yourself. Most likely, just the user id will be enough and you can query the database to confirm the user and his information at the beginning of each page if you are worried.
Looking for some easy-to-use tools?  Try these, https://sourceforge....jects/utils-php -- I made them myself.  They're distinct tools which are easy to understand and use.  See some examples uses at http://www.anotherearlymorning.com

#3 redgorilla

redgorilla
  • New Members
  • Pip
  • Newbie
  • 5 posts

Posted 10 May 2006 - 08:54 PM

[!--quoteo(post=373080:date=May 10 2006, 11:29 PM:name=Buyocat)--][div class=\'quotetop\']QUOTE(Buyocat @ May 10 2006, 11:29 PM) View Post[/div][div class=\'quotemain\'][!--quotec--]
Red, could you be more clear? Do you mean that you want to store in a user session everyone's information? More likely, you mean you want to store everyone's information in a database and store a user's specific information in a session/cookie. But out of curiousity why do you want it to be "so secure"? I don't think adding more to a session will make things any more secure, and some things, such as IP address, will just make more trouble for yourself. Most likely, just the user id will be enough and you can query the database to confirm the user and his information at the beginning of each page if you are worried.
[/quote]

As i said it's paranoia :-). I just want to store unique code both in session and in cookies and compare it with value that stored in db. Or i should not use cookie at all for current use info?

#4 Buyocat

Buyocat
  • Members
  • PipPipPip
  • Advanced Member
  • 267 posts

Posted 10 May 2006 - 09:12 PM

Just use a session (which at least from my experience seems to make a cookie along with it, though I think you can turn that off), and store the unique user id. That should be enough to identify users and mark them as in or out. If they somehow don't have their id on them you can shuttle them to a log in page with the header () function.
Looking for some easy-to-use tools?  Try these, https://sourceforge....jects/utils-php -- I made them myself.  They're distinct tools which are easy to understand and use.  See some examples uses at http://www.anotherearlymorning.com




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users