Re: Re: Secure pages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



what i have sone in the past for passwords on web pages is have something
like:

<?
if(md5($MyCookie) != "anencryptedpassword")   {
     header("Location:http//homepage.com/whatever");
     }

that way even if someone got the file and wanted to find out what the "some
value" was it would be encrypted.

There are probably still ways around this, but for the info you are hiding
from people, this is probably safe enough, at least for me it is.




David Olbersen <dave@xxxxxxxxxxxxx>@postgresql.org on 03/13/2001 02:50:45
PM

Sent by:  pgsql-php-owner@xxxxxxxxxxxxxx


To:   Michael Fork <mfork@xxxxxxxxxxxxxx>
cc:   <Timothy_Maguire@xxxxxxxxxxxxxx>, Paul Joseph McGee
      <mcgee@xxxxxxxxxxxxxxxxx>, <pgsql-php@xxxxxxxxxxxxxx>

Subject:  Re: Re: Secure pages


On Tue, 13 Mar 2001, Michael Fork wrote:

->not if the include file ends with a .php -- since it is in <? ?>, anybody
->acessing the file from a web browser would not be able to see it.

I misunderstood, I thought you meant that you would put that code in an
included
file. Which anybody could get at. However the code being hidden doesn't
change
that I could look for a cookie from your domain, see it's value, and still
create another cookie.

What you're all looking for is a *session based* authentication system. PHP
does
this, and you can do it yourself if you have a database set up.

-- Dave


---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo@xxxxxxxxxxxxxx so that your
message can get through to the mailing list cleanly





**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.

www.mimesweeper.com
**********************************************************************

---------------------------(end of broadcast)---------------------------
TIP 4: Don't 'kill -9' the postmaster





[Index of Archives]     [Postgresql General]     [Postgresql Admin]     [PHP Users]     [PHP Home]     [PHP on Windows]     [Kernel Newbies]     [PHP Classes]     [PHP Databases]     [Yosemite Backpacking]     [Postgresql Jobs]

  Powered by Linux