Re: secure login

Ross wrote:
> I am creating a single user secure login based on this:
>
> http://www.phpnoise.com/tutorials/26/1
>
> Can anyone see any potential security issues with this method? Where should I store the password/username? Can I just have it located in the pagehead?

I would be careful about using any code from that site. The code presented in that tutorial does not escape variables before putting them into SQL queries.

In addition, it appears to be storing the MD5 of the password in a cookie. This leaves it open to offline dictionary attacks. The author falsely represents MD5 hashes as encryption. MD5 is not encryption, it's a checksum.

By all means use it as an example, but please be aware that it is not particularly secure and could open your site to attacks.

-Stut

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
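
The two problems named in the reply above (variables placed unescaped into SQL, and the MD5 of the password kept in a cookie) are shown here in hardened form, as an added example that is not part of the original thread or of the tutorial it discusses. The `users` table, the function names `check_login` and `begin_session`, the in-memory SQLite database and the sample credentials are all assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed schema and names (users, pw_hash, check_login, begin_session);
// an in-memory SQLite database stands in for the real one.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');

// Constructed sample account. password_hash() applies a per-password salt
// and a deliberately slow algorithm, unlike a bare MD5 checksum.
$pdo->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
    ->execute(['admin', password_hash('constructed-sample-passphrase', PASSWORD_DEFAULT)]);

function check_login(PDO $pdo, string $username, string $password): bool
{
    // Bound parameter: the submitted value is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn(); // false when no such user

    // password_verify() reads the salt and cost from the stored hash.
    return is_string($hash) && password_verify($password, $hash);
}

function begin_session(string $username): void
{
    // The cookie carries only a random session id; nothing derived from
    // the password leaves the server.
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
    session_regenerate_id(true); // fresh id at login
    $_SESSION['user'] = $username;
}

// Constructed inputs: valid login, wrong password, quote-bearing username.
$attempts = [
    ['admin', 'constructed-sample-passphrase'],
    ['admin', 'wrong-password'],
    ["admin' --", 'anything'],
];
foreach ($attempts as [$user, $pass]) {
    $ok = check_login($pdo, $user, $pass);
    if ($ok && PHP_SAPI !== 'cli') {
        begin_session($user); // must run before any output is sent
    }
    printf("%-10s => %s\n", $user, $ok ? 'accepted' : 'rejected');
}
```

The `secure` cookie flag assumes the site is served over HTTPS.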

