Ok, so you have pointed out an problem, now that you have been so kind to do
this could please recommend how to resolve this?
"Jay Blanchard" <[EMAIL PROTECTED]> wrote in message
> I cannot believe that no one with alot of PHP and MySQL experience has not
> replied to this post yet. Is PHP not a secure scripting language? I
> really like a little insight into this question, anyone?
> [rant warning!]
> I'll bite! ;-(
> A. You gave so much code that those of us on the list who may be working
> have not had time to set it all up and test it.
> 2. Security from what standpoint? That you can't be hacked? That people
> can't use your CMS without authorization? That your code is complicated
> enough to be impressive? Test your code...if it works you're good, if
> not...fix it.
> III. Your code is somewhat bloated, you don't have to go through
> you go through to assure yourself security. Is this for an Intranet? If so
> is the URL to the CMS accessible through the firewall? If for an Internet
> site have you thought about putting the CMS on an SSL.
> Dang...and D. PHP is secure. You may, to assuage any further fears,
> any username password information that gets transmitted from the login to
> the server the first time. That is very insecure. I could port sniff your
> butt to kingdom come and gain usernames and passwords all day long. You
> cannot believe that no one with alot of PHP and MySQL experience has not
> replied to this post yet. I cannot believe that anyone asking about
> would transmit the initial login as plain text...so we're even.
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php