Posted by Kim André Akerø on 01/05/07 13:08
knal wrote:
> I'd like to keep out unwanted guests. Members that have registered
> (stored in MySQL DB) are allowed to login with usern/passw.
> Along with that an admin-level is stored which tells the site how much
> rights the user has.
>
> I know I can manage the login via sessions, but I've read only
> sessions isn't secure. (Users can even "manually" force their own
> Session id). I don't really know how else to explain what I mean
> with "secure".
So basically, "secure" as in "trusted".
I've created a method that stores the user's IP address and user agent
string in session variables. Users behind the same public IP address as
the original user may be able to forge the session ID, though.
http://dev.bd0.net/test/sessions_trusted.phps
--
Kim André Akerø
- kimandre@NOSPAMbetadome.com
(remove NOSPAM to contact me directly)
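
The check described in the reply above, sketched as an added example; it is not part of the original post and is not the code behind the linked URL. The function names and session keys are hypothetical, and the user ID and admin level are assumed to come from the MySQL lookup at login.

```php
<?php
// Added example: tie a session to the client's IP address and user agent.
// All function names and $_SESSION keys here are hypothetical.

function client_fingerprint(array $server): string
{
    $ip = $server['REMOTE_ADDR'] ?? '';
    $ua = $server['HTTP_USER_AGENT'] ?? '';
    return hash('sha256', $ip . "\n" . $ua);
}

// Call once, right after the username/password check succeeds.
function trust_session(array $server, int $userId, int $adminLevel): void
{
    // Issue a fresh ID at login so an ID supplied by the client is discarded.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    $_SESSION['admin_level'] = $adminLevel;
    $_SESSION['fingerprint'] = client_fingerprint($server);
}

// Call on every protected page before reading user_id or admin_level.
function session_is_trusted(array $server): bool
{
    if (!isset($_SESSION['user_id'], $_SESSION['fingerprint'])) {
        return false;
    }
    if (hash_equals($_SESSION['fingerprint'], client_fingerprint($server))) {
        return true;
    }
    // Known session ID, but a different IP or user agent: drop the session.
    $_SESSION = [];
    session_destroy();
    return false;
}

// Refuse session IDs the server did not generate itself.
ini_set('session.use_strict_mode', '1');
session_start();

if (!session_is_trusted($_SERVER)) {
    http_response_code(403);
    exit('Please log in.');
}
echo 'Admin level: ', (int) $_SESSION['admin_level'];
```

A client behind the same public IP address that sends the same user agent string still passes this check, which is the limitation the reply points out.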