chmpdog Posted March 17, 2008

Hello, I thought my site was protected, but I guess I was wrong. Right now I am storing sensitive user data, such as passwords, in cookies. I know this is a big security flaw but I don't know how to fix it. So I decided to come here and see if you guys could help me. Currently, I have usernames, passwords, and if they are an admin in cookies. Do you know an alternative way to protect this sensitive data? Thanks

thomashw Posted March 17, 2008

You could store the passwords in a database, and query the database using a user ID.

chmpdog Posted March 17, 2008

Is there some sort of tutorial?

revraz Posted March 17, 2008

http://www.roscripts.com/PHP_login_script-143.html

pauleth Posted March 17, 2008

Yeah, I agree with the other posters that you should avoid storing sensitive data on the client machine. They have programs that are designed to go through cookies and expose username/password combos. Storing that sensitive information in a database instead is a good way to go about it. There is a nice PEAR extension that handles user authentication with a database backend for storing credentials...

cooldude832 Posted March 17, 2008

If you want a permanent login via cookies you only need to store the UserID and some sort of way to verify the consistency of said cookie. The rest of the data can be queried on demand and added to sessions if needed.
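
One way to build the cookie described in the post above, added here as an example that is not part of the original thread: the cookie carries only a user ID and an expiry time, plus an HMAC-SHA256 tag as the consistency check. The choice of HMAC, the names `make_login_cookie`, `verify_login_cookie` and `SECRET`, and the demo values are assumptions for illustration.

```php
<?php
// Added example. The cookie value is "userId|expiry|mac": no password, no admin flag.
// SECRET is a placeholder; in practice load a long random key from server-side config.
const SECRET = 'placeholder-key-load-from-server-config';

// Build the cookie value for a user who has just logged in with a valid password.
function make_login_cookie(int $userId, int $ttlSeconds, ?int $now = null): string
{
    $payload = $userId . '|' . (($now ?? time()) + $ttlSeconds);
    return $payload . '|' . hash_hmac('sha256', $payload, SECRET);
}

// Return the user ID if the cookie is intact and unexpired, otherwise null.
function verify_login_cookie(string $cookie, ?int $now = null): ?int
{
    $parts = explode('|', $cookie);
    if (count($parts) !== 3) {
        return null;
    }
    [$userId, $expires, $mac] = $parts;
    if (!ctype_digit($userId) || !ctype_digit($expires)) {
        return null;
    }
    $expected = hash_hmac('sha256', $userId . '|' . $expires, SECRET);
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    if ((int) $expires < ($now ?? time())) {
        return null;
    }
    return (int) $userId;
}

// Constructed demo: user 42, cookie valid for 14 days.
$cookie = make_login_cookie(42, 14 * 24 * 3600);
echo 'intact cookie:  ', var_export(verify_login_cookie($cookie), true), PHP_EOL;

// Editing the user ID in the browser leaves the old MAC in place, so it is rejected.
$edited = '1' . substr($cookie, 2);
echo 'edited cookie:  ', var_export(verify_login_cookie($edited), true), PHP_EOL;

// Past its expiry the same cookie is rejected too.
$later = time() + 15 * 24 * 3600;
echo 'expired cookie: ', var_export(verify_login_cookie($cookie, $later), true), PHP_EOL;
```

The value would be sent with `setcookie()` using the `httponly` and `secure` options, and the ID returned by `verify_login_cookie()` is then used to look up the username and admin status in the database on each request, so neither ever travels in the cookie.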

chmpdog Posted March 18, 2008

http://www.roscripts.com/PHP_login_script-143.html

I checked this out, but there wasn't really anything relating...