Security issues related to php and mysql usage. How to make your code secure? Security measures and configurations? It's all in here!
Moderators: macek, egami, gesf
- New php-forum User
- Posts: 1
- Joined: Wed Sep 14, 2011 7:14 am
I'm planning a project that i want to implement it using php and MySQL, i have been searching the net for the best way to do this, i was just wondering if this would be safe:
The user enters the Username and Password.
the user name is hashed using sha1
and the password is hashed with a salt added
if entered correctly they should be equal to what is stored on the database
so if the number of rows returned is equal to '1'
create a couple of session variables
1. password - the hashed password
2. username - the hashed username
and on every page that needs to be protected have a check using the session variables and only allow if the number of rows is = '1' otherwise redirect and exit
would this be a safe technique or can someone spot how this can be exploited
sorry if the example is long winded
any help would be great.
- php-forum GURU
- Posts: 2196
- Joined: Wed Oct 06, 2010 11:19 am
- Location: Happy Valley, UT
Should *NEVER* make a password a session variable.
If anything, a user ID, user access code, username and any groups they belong to.
Return to “PHP & MySQL Security”
Who is online
Users browsing this forum: No registered users and 0 guests