On Sun, April 15, 2007 4:15 am, Ross wrote: > > I am creating a single user secure login based on this: > > http://www.phpnoise.com/tutorials/26/1 For just one user, I'd just tossing in an .htaccess and .htpasswd file, personally, and not bother with page after page of PHP. > Can anyone see any potential security issues with this method? Where > should > I store the password/username can I just have it located in the > pagehead? If there is only one valid login, then I see no problem with just storing it in source code. I'd put it in an include file outside the web tree, personally, so that the PHP source is less likely to get exposed by .htaccess files getting lost or whatever can't happen. Actually, you should probably store only the MD5 of the correct password in your PHP source, and then not worry about anybody seeing the source. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
