Date: 12/20/06 (PHP Community)    Keywords: mysql, database, sql, security

As part of a development project, I'm currently developing a site which will require user login to access most of the actual site content. However, I want to ensure that I set this up with the most common security holes taken into account.

The user data is stored in a MySQL database, with the username stored in cleartext and the password field contains the md5 hash of the actual password concatenated with a 10 character random salt string (which is stored in the database as cleartext).

Login form data is passed via POST. Any data that is taken from or generated from the user will be passed through a sanitization function to prevent SQL injection attacks.

To track the user's state, I am looking into using session variables. My current problem is how to determine if the user has been authenticated properly, ideally without having to make a database call on every single page where this needs to be verified.

Does anyone have any suggestions as to some ways to authenticate the contents of a session to prevent man-in-the-middle/replay attacks? The obvious way would be to store the session ID in the database and check it every time, but that adds a lot of overhead.

Also, if anyone can spot any glaring security issues that I've missed in the descriptions above, I'd really like to hear about it. I want to do this right the first time.

Source: http://community.livejournal.com/php/523861.html