|
|
Posted by Jerry Stuckle on 10/13/20 11:19
Mark H wrote:
> Hey all--
>
> I'm building a database and I basically need to keep out people who
> aren't authorized, but it's not like I need top security here. I'm just
> doing basic user/pass of a SQL database, and when a user authenticates
> I start a session for him.
>
> My question is, is there any way for a hacker to easily start a session
> without having logged in? For instance, if I save the user name and IP
> address in the session will it be relatively tough to fake a session?
>
> Sorry if this is a dumb question, I really don't know much about this
> yet.
>
If you're using Apache, you could also use mod_auth_mysql (on
sourceforge) to do the authorization/authentication for you.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|