Hi Ross,

I previously worked on this theme and the general feeling / feedback from the mailing list was the following:

- access to your login window via HTTPS (SSL)
- hash your password (inspired by: http://phpsec.org/articles/2005/password-hashing.html)
- when the user is authenticated, you can authorize him to go further; therefore use a session and store in the session array ONLY his login (as he is already identified).

All the webpages should be accessible in HTTPS (with first check on $_SERVER["HTTPS"] != 'on').

HTH.

Alain

On 4/15/07, Ross <ross@xxxxxxxxxxxxx> wrote:
> I am creating a single user secure login based on this:
>
> http://www.phpnoise.com/tutorials/26/1
>
> Can anyone see any potential security issues with this method? Where should
> I store the password/username? Can I just have it located in the pagehead?
>
> R.
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

--
Alain
------------------------------------
Windows XP SP2
PostgreSQL 8.1.4
Apache 2.0.58
PHP 5
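
The three points from the reply above (HTTPS check, hashed password, session holding only the login) put together for a single-user page, as an added example that is not part of the original thread. It assumes PHP 7.3 or later rather than the PHP 5 setup in the signature, and `SITE_HOST`, `ADMIN_LOGIN`, `ADMIN_HASH` and the function names are hypothetical.

```php
<?php
// Added example; SITE_HOST, ADMIN_LOGIN and ADMIN_HASH are hypothetical names.
// Keep them in a config file outside the web root, not in the page itself.
const SITE_HOST   = 'www.example.com';
const ADMIN_LOGIN = 'admin';
// Placeholder: paste the output of password_hash('...', PASSWORD_DEFAULT).
// Until replaced, password_verify() rejects every password (fails closed).
const ADMIN_HASH  = 'REPLACE_WITH_PASSWORD_HASH_OUTPUT';

// Every page: refuse plain HTTP before any other work.
function require_https(): void
{
    if (($_SERVER['HTTPS'] ?? '') !== 'on') {
        // Redirect to a configured host, not the client-supplied Host header.
        header('Location: https://' . SITE_HOST . '/', true, 302);
        exit;
    }
}

function start_secure_session(): void
{
    // Cookie is sent over HTTPS only and is not readable from JavaScript.
    session_set_cookie_params(['secure' => true, 'httponly' => true, 'samesite' => 'Strict']);
    session_start();
}

function try_login(string $login, string $password): bool
{
    // Evaluate both checks so a wrong login name does not skip the hash check.
    $loginOk = hash_equals(ADMIN_LOGIN, $login);
    $passOk  = password_verify($password, ADMIN_HASH);
    if (!$loginOk || !$passOk) {
        return false;
    }
    session_regenerate_id(true);       // new session id after authentication
    $_SESSION['login'] = ADMIN_LOGIN;  // store ONLY the login, never the password
    return true;
}

function is_authenticated(): bool
{
    return ($_SESSION['login'] ?? null) === ADMIN_LOGIN;
}

require_https();
start_secure_session();
[$login, $pass] = [$_POST['login'] ?? '', $_POST['password'] ?? ''];
if (is_string($login) && is_string($pass) && $login !== '' && !try_login($login, $pass)) {
    http_response_code(401);
}
echo is_authenticated() ? 'Welcome' : 'Please log in';
```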