Advice on secure login

Post by nathanmm88 » Wed Sep 14, 2011 7:37 am

I'm planning a project that I want to implement using PHP and MySQL. I have been searching the net for the best way to do this, and I was just wondering if this would be safe:

The user enters the username and password.

The username is hashed using SHA-1,

and the password is hashed with a salt added.

If entered correctly, they should be equal to what is stored in the database,

so if the number of rows returned is equal to '1',

create a couple of session variables:

1. password - the hashed password
2. username - the hashed username

And on every page that needs to be protected, have a check using the session variables and only allow access if the number of rows is = '1'; otherwise redirect and exit.

Would this be a safe technique, or can someone spot how this can be exploited?

Sorry if the example is long-winded.

Any help would be great.

Re: Advice on secure login

Post by egami » Thu Sep 15, 2011 4:20 am

Should *NEVER* make a password a session variable.
If anything, a user ID, user access code, username and any groups they belong to.
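A login flow that follows the reply above, keeping only the user ID and username in the session and never the password or its hash. This is an added example, not code from either poster; the table layout, the sample account and `/login.php` are assumptions, and in-memory SQLite stands in for MySQL so the script runs offline.

```php
<?php
// Added example: table layout, column names and the sample account are constructed.
declare(strict_types=1);

function createDemoDb(): PDO {
    // In-memory SQLite keeps the example offline; with MySQL only the DSN changes.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    // password_hash() generates a per-user salt and stores it inside the hash string.
    $stmt->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

function login(PDO $db, string $username, string $password): bool {
    // Prepared statement: the username is bound as data, never concatenated into SQL.
    $stmt = $db->prepare('SELECT id, username, pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // A salted hash cannot be matched in the WHERE clause; verify it in PHP instead.
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    session_regenerate_id(true);              // fresh session ID after a successful login
    $_SESSION['user_id']  = (int) $row['id']; // identity only
    $_SESSION['username'] = $row['username'];
    return true;
}

function requireLogin(): int {
    // Call at the top of every protected page, before any output.
    if (!isset($_SESSION['user_id'])) {
        header('Location: /login.php');       // hypothetical login page
        exit;
    }
    return $_SESSION['user_id'];
}

session_start();
$db = createDemoDb();
$results = [
    'wrong password accepted' => login($db, 'alice', 'wrong password'),
    'right password accepted' => login($db, 'alice', 'correct horse'),
    'session keys'            => array_keys($_SESSION),
];
// Output is deferred to the end so nothing is sent before the session calls.
var_dump($results);
```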

