Reply to Noob security question

Posted by What nickname do you want? on 12/21/05 13:08

I want to provide secured access to a MySQL database. This is what I've
done. Firstly the relevant pages are in a folder to which Apache
requires password authentication. Then I have an HTML page with a form
to enter (MySQL) ID and password, which I POST to a PHP page which
tries to connect to the MySQL database, and if so starts a session...

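// Credentials submitted by the login form
$id = $_POST['ID'];
$pass = $_POST['password'];
// A successful MySQL connection is treated as a successful login
if ($connect = mysql_pconnect("localhost", $id, $pass))
{
    session_start();
    echo "Connected - using database 'test'<br>";
    mysql_select_db("test");
    // Keep the MySQL credentials in the session for later pages
    $_SESSION["id"] = $id;
    $_SESSION["password"] = $pass;
    $_SESSION["start"] = time();
}
else
{
    // Connection failed: send the browser back to the start page
    header("Location: http://127.0.0.1");
    exit();
}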

Subsequent PHP pages are like:

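session_start();
// Restore the credentials and timestamp saved at login
$id = $_SESSION["id"];
$pass = $_SESSION["password"];
$start = $_SESSION["start"];
$duration = time() - $start;
// End the session after more than 10 seconds without a request
if ($duration > 10)
{
    session_destroy();
    header("Location: http://127.0.0.1/timeout.htm");
    exit();
}
// Restart the timer; the superglobal name is case-sensitive
$_SESSION["start"] = time();

$connect = mysql_pconnect("localhost", $id, $pass);
$myQuery=...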

Is this reasonably secure? What are the obvious holes? TIA
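
A session guard for the flow described in the post, as an added example that is not the poster's code: it issues a new session ID at login, keeps only the user name and a last-activity timestamp in the session, and enforces the idle timeout in one place. It assumes PHP 7.3+, HTTPS, and that the MySQL connection is made with credentials from server-side configuration rather than from the session; all function names are hypothetical.

```php
<?php
// Added example, not the poster's code. Assumes PHP 7.3+ and HTTPS.
// All function names here are hypothetical.

const IDLE_LIMIT = 10; // seconds of inactivity allowed, the value used in the post

function start_secure_session(): void {
    // Cookie is unreadable from JavaScript and only sent over HTTPS
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Strict']);
    session_start();
}

// Call once, after the submitted credentials have been verified.
function login(string $user): void {
    session_regenerate_id(true); // drop any session ID set before authentication
    $_SESSION = ['user' => $user, 'last_seen' => time()]; // no password stored
}

// Pure check so it can be exercised without a live session.
function session_is_valid(array $s, int $now): bool {
    return isset($s['user'], $s['last_seen'])
        && is_int($s['last_seen'])
        && ($now - $s['last_seen']) <= IDLE_LIMIT;
}

// Call at the top of every protected page, after start_secure_session().
function require_login(): void {
    if (!session_is_valid($_SESSION, time())) {
        $_SESSION = [];
        session_destroy();
        header('Location: /timeout.htm'); // the post's timeout page
        exit();
    }
    $_SESSION['last_seen'] = time(); // restart the idle timer
}

// Constructed sample sessions, checked only when run from the command line.
if (PHP_SAPI === 'cli') {
    $now = 1000000;
    $samples = [
        'fresh'    => ['user' => 'alice', 'last_seen' => $now - 3],
        'idle'     => ['user' => 'alice', 'last_seen' => $now - 60],
        'no login' => [],
    ];
    foreach ($samples as $label => $s) {
        printf("%-8s %s\n", $label, session_is_valid($s, $now) ? 'valid' : 'rejected');
    }
}
```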
