Oh, I did miss out on the second question, but as David also pointed out, you need to protect this as a whole etc.
As for sessions, yes, they are generally safe. I normally store a copy of it in the database and I check against that. I find that it’s pretty easy to build all the auth checking into a routine that is called before any processing is done. Yes, it adds load to the DB etc but hey - safer is “cheaper” in the long run.

Cheers,
Pieter

> On 1/08/2018, at 11:19 AM, j...@magicweb.nz wrote:
>
> Hi all
>
> Can anybody give me some pointers and/or examples of how to make my web app –
> using MySQL – secure. At the moment I’m just transferring the bare passwords
> across, not a good idea I guess.
> Secondly, once logged in, a session variable determines a logged in status –
> safe enough?
>
> Thanks for any reply.
> John C
>
> _______________________________________________
> NZ Borland Developers Group - Delphi mailing list
> Post: delphi@listserver.123.net.nz
> Admin: http://delphi.org.nz/mailman/listinfo/delphi
> Unsubscribe: send an email to delphi-requ...@listserver.123.net.nz with Subject: unsubscribe