Re: Simple login form with cookies

Jason Carson wrote:
>> On Mon, Jul 6, 2009 at 02:19, Jason Carson<jason@xxxxxxxxxxxxxx> wrote:
>>     
>>> ok, I have two sets of scripts here. One uses setcookie() for logging into
>>> the admin panel and the other uses session_start(). Both are working fine,
>>> is one more secure than the other?
>>>       
>>     $_COOKIE data is written to a file that is readable/writeable and
>> stored on the user's side of things.  $_SESSION data is written to the
>> server, with a cookie stored on the user's side containing just the
>> PHPSESSID (session ID) string to identify the session file on the
>> server.
>>
>>     So determining which is better and/or more secure is really a
>> matter of the data held there and how it's handled.  If storing things
>> like usernames or you absolutely want to store personal data in an
>> active session, do so in $_SESSION.  If you're storing a password or
>> credit card number in the active session, you may as well do it in
>> $_COOKIE, because you're already using an insecure model.  ;-P
>>
>> --
>> </Daniel P. Brown>
>> daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx
>> http://www.parasane.net/ || http://www.pilotpig.net/
>> Check out our great hosting and dedicated server deals at
>> http://twitter.com/pilotpig
>>
>> --
>> PHP General Mailing List (http://www.php.net/)
>> To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>     
> Well I'm a newbie when it comes to PHP and programming. I guess I need to
> read up on login security. Do you know of, or recommend, any websites that
> will show me how to secure my login model (Using cookies or sessions).
>
>   
Hi Jason,
I'm probably not any wiser than you, but I have just (today) discovered
an interesting site that seems to have some really clear explanations
and tutorials re PHP, MySQL et al.
It's worth looking at (I'm trying to implement something like what you
are, as well):
http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html
HTH,
PJ

-- 
Hervé Kempf: "Pour sauver la planète, sortez du capitalisme."
-------------------------------------------------------------
Phil Jourdan --- pj@xxxxxxxxxxxxx
   http://www.ptahhotep.com
   http://www.chiccantine.com/andypantry.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
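
The difference described in the quoted reply, as an added example that is not part of the original thread: a login flag kept in a cookie can be edited by the client, while a session keeps the flag on the server and gives the browser only the session ID. The function names, account array and password are constructed for illustration, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Cookie-only pattern: the login state itself lives in the cookie, which
// the browser's owner can create or edit, so this check proves nothing.
function is_admin_by_cookie(array $cookies): bool
{
    return ($cookies['admin'] ?? '') === '1';
}

// Session pattern: the cookie carries only the session ID (PHPSESSID);
// the login state stays in the server-side session store.
function start_hardened_session(): void
{
    session_set_cookie_params([
        'httponly' => true,     // not readable from page scripts
        'secure'   => true,     // only sent over HTTPS
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
    session_start();
}

function login(string $user, string $password, array $accounts): bool
{
    // Only a password hash is stored; an unknown user fails verification.
    if (!password_verify($password, $accounts[$user] ?? '')) {
        return false;
    }
    session_regenerate_id(true); // new ID at login, old session data removed
    $_SESSION['user'] = $user;
    return true;
}

function is_logged_in(): bool
{
    return isset($_SESSION['user']);
}

// Constructed demo data; results are collected before anything is output.
$accounts = ['admin' => password_hash('constructed-demo-pass', PASSWORD_DEFAULT)];
start_hardened_session();
$results = [
    'forged admin=1 cookie accepted' => is_admin_by_cookie(['admin' => '1']),
    'wrong password accepted'        => login('admin', 'guess', $accounts),
    'correct password accepted'      => login('admin', 'constructed-demo-pass', $accounts),
    'session marks user logged in'   => is_logged_in(),
];
var_export($results);
```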

