Register or have you forgotten your password?
Get the most out of Surmunity, read our tips here! Need an interesting blog to read? You've got to read the Surpass Blog!
| Welcome! Please register to access all of our features.
| PHP, MySQL General PHP questions. Or go to our PHPsuexec Forum >> |
 |
|
|
LinkBack | Thread Tools | Search this Thread | Rate Thread |
July 17th, 2003, 12:12 AM
|
#1 (permalink) |
|
Registered User
Seasoned Poster
Joined in Jul 2003
Lives in Research Triangle Park, NC / Blacksburg, VA
57 posts
Gave thanks: 0
Thanked 0 times
|
I just wanted to see what everyone in the community with experience in this thought.
When I write login-based php scripts, I usually use sessions and forms like anyone else would. If a session variable for a correct login is not set, the user is presented with a form which posts to a validation file -- the validation file queries the database, verifies the correctness from the $_POST variable, sets the appropriate $_SESSION variables to validate everything, and then users a header() call to send the user back to the referring page validated. That's pretty much it -- I don't go to any special lengths to maintain the security of the users and I was wondering how safe is this? I mean I don't doubt that I'm never truly behind a black box, but I was wondering what you guys thought about it.
__________________
"I tried to go to Target but I missed" ~Mitch |
|
    |
