[snip] I cannot believe that no one with alot of PHP and MySQL experience has not replied to this post yet. Is PHP not a secure scripting language? I would really like a little insight into this question, anyone? [/snip]
[rant warning!] I'll bite! ;-( A. You gave so much code that those of us on the list who may be working may have not had time to set it all up and test it. 2. Security from what standpoint? That you can't be hacked? That people can't use your CMS without authorization? That your code is complicated enough to be impressive? Test your code...if it works you're good, if not...fix it. III. Your code is somewhat bloated, you don't have to go through everything you go through to assure yourself security. Is this for an Intranet? If so is the URL to the CMS accessible through the firewall? If for an Internet site have you thought about putting the CMS on an SSL. Dang...and D. PHP is secure. You may, to assuage any further fears, encrypt any username password information that gets transmitted from the login to the server the first time. That is very insecure. I could port sniff your butt to kingdom come and gain usernames and passwords all day long. You cannot believe that no one with alot of PHP and MySQL experience has not replied to this post yet. I cannot believe that anyone asking about security would transmit the initial login as plain text...so we're even. [/rant] Jay -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
