Reply to Security question

Posted by JamesB on 09/26/09 11:27

I am halfway through making a site you can only do certain stuff if logged
in to.

So far, you are logged in if there is a session variable with your username,
but I got thinking that presumably someone who worked this out could make a
cookie file with this info in and pretend to be another user. So... what's
the recommended way?
I thought of storing an MD5 hash of the login time in the session and in the
database too, then on each page, comparing the session variable to that in
the db. Theory being, if a hacker had tried making their own cookie file
they wouldn't have the right hash.

Sound reasonable? Or is session info secure enough anyway? It's not a D.O.D
site or anything, but might as well make it right from outset...
James.
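
The check described in the post (a per-login value kept in both the session and the database and compared on each page), sketched as an added example that is not part of the original post. It assumes a `users` table with a `login_token` column and models the session as a plain dict; those names are hypothetical, and it uses a random token from `secrets` in place of the MD5 of the login time.

```python
import hashlib
import hmac
import secrets
import sqlite3


def make_db():
    """In-memory user table (constructed sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT PRIMARY KEY, login_token TEXT)")
    db.executemany("INSERT INTO users VALUES (?, NULL)", [("james",), ("alice",)])
    return db


def login(db, session, username):
    """Call after the password check succeeds: issue a fresh per-login token."""
    token = secrets.token_hex(32)  # random, not derived from the login time
    db.execute("UPDATE users SET login_token = ? WHERE username = ?", (token, username))
    session.clear()
    session.update(username=username, login_token=token)


def is_logged_in(db, session):
    """Per-page check: the session's token must match the one in the database."""
    username, token = session.get("username"), session.get("login_token")
    if not isinstance(username, str) or not isinstance(token, str):
        return False
    row = db.execute("SELECT login_token FROM users WHERE username = ?", (username,)).fetchone()
    if row is None or row[0] is None:
        return False
    return hmac.compare_digest(row[0].encode(), token.encode())


def logout(db, session):
    """Clear the token on both sides so an old copy of the session stops working."""
    if "username" in session:
        db.execute("UPDATE users SET login_token = NULL WHERE username = ?", (session["username"],))
    session.clear()


def demo():
    db, session = make_db(), {}
    login(db, session, "james")
    guessed = hashlib.md5(b"2009-09-26 11:27").hexdigest()  # constructed guess at a login time
    return {
        "real_session": is_logged_in(db, session),
        "username_only": is_logged_in(db, {"username": "james"}),
        "time_hash": is_logged_in(db, {"username": "james", "login_token": guessed}),
    }
```
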
