> Jason Carson wrote:
>>> On Mon, Jul 6, 2009 at 02:19, Jason Carson<jason@xxxxxxxxxxxxxx> wrote:
>>>
>>>> ok, I have two sets of scripts here. One uses setcookie() for logging into
>>>> the admin panel and the other uses session_start(). Both are working fine,
>>>> is one more secure than the other?
>>>
>>> $_COOKIE data is written to a file that is readable/writeable and
>>> stored on the user's side of things. $_SESSION data is written to the
>>> server, with a cookie stored on the user's side containing just the
>>> PHPSESSID (session ID) string to identify the session file on the
>>> server.
>>>
>>> So determining which is better and/or more secure is really a
>>> matter of the data held there and how it's handled. If storing things
>>> like usernames or you absolutely want to store personal data in an
>>> active session, do so in $_SESSION. If you're storing a password or
>>> credit card number in the active session, you may as well do it in
>>> $_COOKIE, because you're already using an insecure model. ;-P
>>>
>>> --
>>> </Daniel P. Brown>
>>> daniel.brown@xxxxxxxxxxxx || danbrown@xxxxxxx
>>>
>>> --
>>> PHP General Mailing List (http://www.php.net/)
>>> To unsubscribe, visit: http://www.php.net/unsub.php
>>>
>> Well I'm a newbie when it comes to PHP and programming. I guess I need to
>> read up on login security. Do you know of, or recommend, any websites that
>> will show me how to secure my login model (Using cookies or sessions).
>>
> Hi Jason,
> I'm probably not any wiser than you, but I have just (today) discovered
> an interesting site that seems to have some really clear explanations
> and tutorials re PHP, MySQL et al.
> It's worth looking at (I'm trying to implement something like what you
> are, as well):
> http://www.brainbell.com/tutors/php/php_mysql/Authorizing_User_Access.html
> HTH,
> PJ
>
> --
> Phil Jourdan --- pj@xxxxxxxxxxxxx
>
I'll check it out this evening when I have some time. Thanks for the link.
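
The difference Daniel P. Brown describes above, between login state kept in $_COOKIE and state kept in $_SESSION, looks like this in code. This is an added example, not code from anyone in the thread; the user table, password, field names and cookie settings are constructed assumptions, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Constructed one-user store (assumption); a real application reads this from its database.
$users = ['admin' => ['hash' => password_hash('example-password', PASSWORD_DEFAULT), 'role' => 'admin']];

// Cookie-only pattern: the login state itself sits in the browser, where the
// user can read and rewrite it, so the server cannot trust it.
//   setcookie('is_admin', '1');
//   if (($_COOKIE['is_admin'] ?? '') === '1') { /* show admin panel */ }

// Session pattern: the browser holds only the session ID; the state stays on the server.
ini_set('session.use_strict_mode', '1');   // refuse session IDs the server did not issue
session_set_cookie_params([
    'lifetime' => 0,       // cookie ends with the browser session
    'path'     => '/',
    'secure'   => true,    // sent over HTTPS only
    'httponly' => true,    // hidden from JavaScript
    'samesite' => 'Lax',
]);
session_start();

function login(array $users, string $name, string $password): bool
{
    $user = $users[$name] ?? null;
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    session_regenerate_id(true);        // new ID at login, so a pre-login ID is useless
    $_SESSION['user'] = $name;          // store identity and role only,
    $_SESSION['role'] = $user['role'];  // never the password itself
    return true;
}

function is_admin(): bool
{
    return ($_SESSION['role'] ?? null) === 'admin';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $name = $_POST['user'] ?? '';
    $pass = $_POST['pass'] ?? '';
    if (is_string($name) && is_string($pass)) {
        login($users, $name, $pass);
    }
}
if (!is_admin()) {
    http_response_code(403);
    exit('Login required');
}
echo 'Admin panel for ', htmlspecialchars($_SESSION['user'], ENT_QUOTES, 'UTF-8');
```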