chmpdog Posted March 17, 2008
Hello, I thought my site was protected, but I guess I was wrong. Right now I am storing sensitive user data, such as passwords, in cookies. I know this is a big security flaw but I don't know how to fix it. So I decided to come here and see if you guys could help me. Currently, I have usernames, passwords, and if they are an admin in cookies. Do you know an alternative way to protect this sensitive data? Thanks
thomashw Posted March 17, 2008
You could store the passwords in a database, and query the database using a user ID.
chmpdog Posted March 17, 2008 (Author)
Is there some sort of tutorial?
revraz Posted March 17, 2008
http://www.roscripts.com/PHP_login_script-143.html
pauleth Posted March 17, 2008
Yeah I agree with the other posters that you should avoid storing sensitive data on the client machine. They have programs that are designed to go through cookies and expose username/password combos. Storing that sensitive information in a database instead is a good way to go about it. There is a nice PEAR extension that handles user authentication with a database backend for storing credentials...
cooldude832 Posted March 17, 2008
If you want a permanent login via cookies you only need to store the UserID and some sort of way to verify the consistency of said cookie. The rest of the data can be queried on demand and added to sessions if needed.
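One way to do the consistency check cooldude832 describes, as an added example (not code from the thread or from the linked tutorial): the cookie carries only the user ID and an expiry time, plus an HMAC over both computed with a key that never leaves the server. The function names, the `id|expiry|mac` layout and the `SECRET_KEY` placeholder are assumptions made for this example.

```php
<?php
// Added example: a "remember me" cookie that holds no password and no admin flag.
// SECRET_KEY is a placeholder; in a real site load a long random key from
// server-side configuration, never from anything the browser can see.
const SECRET_KEY = 'replace-with-a-long-random-server-side-key';

// Build the cookie value: "<userId>|<expiry>|<hmac>".
function make_login_cookie(int $userId, int $ttlSeconds = 1209600): string
{
    $expires = time() + $ttlSeconds;
    $payload = $userId . '|' . $expires;
    $mac     = hash_hmac('sha256', $payload, SECRET_KEY);
    return $payload . '|' . $mac;
}

// Return the user ID if the cookie is intact and unexpired, otherwise null.
function verify_login_cookie(string $cookie): ?int
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;                        // malformed value
    }
    [$userId, $expires, $mac] = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;                        // fields must be plain integers
    }
    $expected = hash_hmac('sha256', $userId . '|' . $expires, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {    // constant-time comparison
        return null;                        // edited or forged cookie
    }
    if ((int) $expires < time()) {
        return null;                        // signature is valid but too old
    }
    return (int) $userId;
}

// Constructed demo values: user 42 logs in, then someone edits the ID to 1.
$cookie   = make_login_cookie(42);
$tampered = '1' . substr($cookie, 2);       // same expiry and MAC, different ID

var_dump(verify_login_cookie($cookie));     // genuine cookie
var_dump(verify_login_cookie($tampered));   // MAC no longer matches the payload
var_dump(verify_login_cookie('42|9999999999'));  // missing MAC field
```

Once `verify_login_cookie()` returns an ID, the password hash and admin status are looked up in the database and kept in `$_SESSION`, so neither ever reaches the browser.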
chmpdog Posted March 18, 2008 (Author)
http://www.roscripts.com/PHP_login_script-143.html
I checked this out, but there wasn't really anything relating...