Posted by frizzle on 05/04/06 13:41

Hi group,

I need a login system for some 'private' pages.
Users should be pulled from a mysql DB.

Now, i've read a lot on login systems, and somehow there's _always_
the discussion with sessions (hijacking), dynamic IPs/Proxies.
One hand sessions on itself aren't secure (if in default tmp folder)
on the other hand, validating by IP would lock out a lot of users.

Now, what i wonder is, WHAT SHOULD I DO? I really don't know
where to start anymore because there are so much do's and dont's
on this ...

Frizzle.

[Back to original message]