Posted by Henk Verhoeven on 05/05/07 10:04
Schraalhans Keukenmeester wrote:
> On Fri, 04 May 2007 15:29:29 -0700, abracad_1999 wrote:
>
>> I'm looking for a decent free/open source php authentication script
>> that would allow users to log in/out of a secure area of a web site.
>> Ideally should have email confirmation and password reminder and work
>> with mysql.
>>
>> Any suggestions?
>
> You may like what you see at:
> http://www.evolt.org/PHP-Login-System-with-Admin-Features
>
> It is conceptually well thought through

Hello Schraalhans,
I don't know. If security is important I suggest checking:
- Does it leave possible hackers in the dark if only the username is
correct, or does it tell them so that they know they have found a
correct user name and from that point they only need to guess the password?
- Does it contain a defense against brute force and dictionary attacks?
Or would the server validate as many passwords as are submitted as fast
as it can, even if they are all submitted by the same client/IP address?
(This could especially be vulnerable if users can choose their own
password.)
Greetings,
Henk Verhoeven,
www.phpPeanuts.org.
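
The two checks listed in the post above, as an added PHP example that is not part of the original message or of the evolt.org script: a login routine that returns the same message for an unknown user and a wrong password, and stops validating passwords from one client IP after repeated failures. The function name, limits, user data and the in-memory failure store are assumptions for illustration; a real site would keep the counters in its database.

```php
<?php
// Added example: constructed users and limits, not taken from any real login script.
const MAX_FAILURES = 5;      // assumed limit per client IP
const WINDOW_SECONDS = 900;  // assumed 15-minute window
const GENERIC_ERROR = 'Invalid username or password.';

function attempt_login(array &$failures, array $users, string $ip,
                       string $username, string $password, int $now): string
{
    // Drop failures that fell out of the window, then enforce the per-IP limit.
    $recent = array_filter($failures[$ip] ?? [],
        fn (int $t): bool => $t > $now - WINDOW_SECONDS);
    $failures[$ip] = array_values($recent);
    if (count($failures[$ip]) >= MAX_FAILURES) {
        return 'Too many attempts. Try again later.';
    }

    // Verify against a dummy hash for unknown users so both failure paths
    // do the same work and return the same message.
    static $dummy = null;
    $dummy ??= password_hash('dummy-password', PASSWORD_DEFAULT);
    $known = array_key_exists($username, $users);
    $hash = $known ? $users[$username] : $dummy;
    $ok = password_verify($password, $hash) && $known;

    if (!$ok) {
        $failures[$ip][] = $now;
        return GENERIC_ERROR;
    }
    return 'OK';
}

// Constructed sample data.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
$failures = [];
$ip = '203.0.113.7';
$t = 1000;

echo attempt_login($failures, $users, $ip, 'nobody', 'x', $t), "\n";  // unknown user
echo attempt_login($failures, $users, $ip, 'alice', 'x', $t), "\n";   // known user, wrong password
for ($i = 0; $i < 3; $i++) {
    attempt_login($failures, $users, $ip, 'alice', "guess$i", $t + $i);
}
// Sixth attempt inside the window, then one after the window has passed.
echo attempt_login($failures, $users, $ip, 'alice', 'correct horse', $t + 5), "\n";
echo attempt_login($failures, $users, $ip, 'alice', 'correct horse', $t + 2000), "\n";
```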