based on whats known to be
one of the best ways.
Once again thanks for your input, it's my call now :D
Tim
-Message d'origine-
De : Haydar Tuna [mailto:[EMAIL PROTECTED]
Envoyé : mercredi 21 février 2007 07:15
À : php-general@lists.php.net
Objet : Re: [PHP] Re: Securing user table
Haydar Tuna wrote:
1) If you protect your site from SQL Injection, you must replace all quote
and blank character in your form data. (with string functions)
A better approach is data inspection. For example, if you know a field
should only ever contain letters, you can use ctype_alpha() to
Tim wrote:
Now moving on into other aspects of security :P I was thinking of a way to
secure my login inputs the best way possible.
[...]
Maybe I'm missing something, but why not simply inspect and clean input
to ensure that it's always properly escaped and safe to send to your
database? It
Hello again,
if you crypt your usernames, it happened many problems. As you know,
if you crypt any string to SHA1, you don't decrypt again. You cannot use
username in your application. in my many application, I have crpyted
password , I haven't cryrpt usernames. Becuase I used username
-Message d'origine-
De : Haydar Tuna [mailto:[EMAIL PROTECTED]
Envoyé : mardi 20 février 2007 10:34
À : php-general@lists.php.net
Objet : [PHP] Re: Securing user table with sha function
Hello again,
if you crypt your usernames, it happened many problems.
As you know
-Message d'origine-
De : Fergus Gibson [mailto:[EMAIL PROTECTED]
Envoyé : lundi 19 février 2007 12:01
À : php-general@lists.php.net
Objet : [PHP] Re: Securing user table with sha function
Tim wrote:
Now moving on into other aspects of security :P I was thinking of a
way
- Original Message -
From: Tim [EMAIL PROTECTED]
-Message d'origine-
De : Haydar Tuna [mailto:[EMAIL PROTECTED]
Envoyé : mardi 20 février 2007 10:34
À : php-general@lists.php.net
Objet : [PHP] Re: Securing user table with sha function
Hello again,
if you crypt your
On Mon, February 19, 2007 5:12 am, Fergus Gibson wrote:
4) if user forget his or her password, you can send email to the
user when
the user answer password protected question.
Kinda impossible if the password is hashed, isn't it? What a strange
thought, though. I guess all those sites with
On Tue, February 20, 2007 4:08 am, Tim wrote:
-Message d'origine-
De : Haydar Tuna [mailto:[EMAIL PROTECTED]
Envoyé : mardi 20 février 2007 10:34
À : php-general@lists.php.net
Objet : [PHP] Re: Securing user table with sha function
Hello again,
if you crypt your usernames
news:[EMAIL PROTECTED]
On Tue, February 20, 2007 4:08 am, Tim wrote:
-Message d'origine-
De : Haydar Tuna [mailto:[EMAIL PROTECTED]
Envoyé : mardi 20 février 2007 10:34
À : php-general@lists.php.net
Objet : [PHP] Re: Securing user table with sha function
Hello again,
if you
-Message d'origine-
De : Haydar Tuna [mailto:[EMAIL PROTECTED]
Envoyé : lundi 19 février 2007 08:12
À : php-general@lists.php.net
Objet : [PHP] Re: Securing user table with sha function
Hello,
1) If you protect your site from SQL Injection, you must
replace all quote
Hello,
1) If you protect your site from SQL Injection, you must replace all quote
and blank character in your form data. (with string functions)
2) After this step, you can compare your password (with SHA1) and database
password field (with SHA1).
3) if comparing passwords are true, then you
12 matches
Mail list logo