On 14/03/06, IG <php@xxxxxxxxxxxxxxxxxxxx> wrote:
> Hello.
>
> I got a password protected login script of t'internet a while back and
> have implemented it. I just want to make sure it is secure.

It's not.

1. It only works with register_globals turned on. Not a good idea -
register_globals has been off by default for some time now, for good
reason.

2. There's a Cross Site Scripting vulnerability where you're echoing
out the contents of $QUERY_STRING.

3. There's an SQL Injection vulnerability where you're inserting
$username directly into the query without any validation or escaping.

4. You're keeping the passwords in the database unencrypted rather
than using a one way hash which is bad in itself, but then you're
also writing them to the session - if you're on a shared
server, it's likely that any other site also on that server is able to
read your session files.

5. You're checking the username and password on every page request -
even after a successful login... which isn't really a security
problem, just wasteful.

 -robin
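
The five points in the reply above, addressed in one login routine. This is an added example, not code from the original post or from the script under review; the `users` table, the `login`, `is_logged_in` and `safe_query_string` helpers and the in-memory SQLite data are hypothetical and constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed demo data: in-memory SQLite table standing in for the real user table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]); // point 4: one-way hash

/** Hypothetical helper: verify credentials once, at login time. */
function login(PDO $db, string $username, string $password): bool
{
    // Point 3: the username is bound as a parameter, never concatenated into the SQL.
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true); // fresh session id once the user is authenticated
    }
    // Point 4: the session holds only the user id, never the password.
    $_SESSION['user_id'] = (int) $row['id'];
    return true;
}

/** Point 5: later requests check the session instead of re-querying the password. */
function is_logged_in(): bool
{
    return isset($_SESSION['user_id']);
}

/** Point 2: encode request data before echoing it into HTML. */
function safe_query_string(): string
{
    // Point 1: read from $_SERVER explicitly; do not rely on register_globals.
    return htmlspecialchars($_SERVER['QUERY_STRING'] ?? '', ENT_QUOTES, 'UTF-8');
}

$_SESSION = []; // stands in for session_start() when run from the command line
var_dump(login($db, "o'neil", 'anything'));       // a quote in the name is treated as data
var_dump(login($db, 'alice', 'wrong password'));
var_dump(login($db, 'alice', 'correct horse'), is_logged_in());
```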