- Original Message -
From: Pedro Pontes [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, May 04, 2002 12:33 AM
Subject: Re: [PHP] Secure user authentication
First of all, thank you for your devote answer.
The method I was thinking
Hi,
but the password is put through my own fairly unbreakable
(yes.. I am serious) password key system..
SO basically you'll end up with a nice 32 char string
which is QUITE safe to pass around and the chance anyone's
gonna decrypt it IMHO is about zilch,
And all you have to do, is when
another option is to use SSL for the login page/sensitive parts of the
site that deal with any transfer of 'sensitive' data?
-Original Message-
From: Jon Haworth [mailto:[EMAIL PROTECTED]]
Sent: 03 May 2002 15:08
To: 'The_RadiX'; [EMAIL PROTECTED]
Subject: RE: [PHP] Secure user
- Original Message -
From: Jon Haworth [EMAIL PROTECTED]
To: 'The_RadiX' [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, May 04, 2002 12:07 AM
Subject: RE: [PHP] Secure user authentication
. The_RadiX
: [EMAIL PROTECTED]
: ABN: 64 235 749 494
: QUT Student :: 04475739
:::
- Original Message -
From: Brian McGarvie [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Saturday, May 04, 2002 12:12 AM
Subject: RE: [PHP] Secure user authentication
First of all, thank you for your devote answer.
The method I was thinking about before was to pass the md5 hash of the
password around, as the passwords are already md5'ed in the DB. Your method
seems more secure as you use a totally spiced-up and personalized encryption
engine.
But, the main
Sent: 03 May 2002 15:14
To: [EMAIL PROTECTED]; Brian McGarvie
Subject: Re: [PHP] Secure user authentication
that is a good suggestion..
Using SSL to perform sensitive logins.. and then using some sort of
hidden or encrypted passwords in your sessions should provide a nice
level of security
Hi,
The method I was thinking about before was to pass
the md5 hash of the password around, as the passwords
are already md5'ed in the DB. Your method seems more
secure as you use a totally spiced-up and personalized
encryption engine.
*boggle*
Why are you passing the password around,
Hi Jon,
I am considering doing that because any user can create a simple PHP script
with his/her object with the authenticated flag set to authorized,
register that object with the session and then link to any of my pages,
which if they don't make any kind of password test, they will unsuspectingly
This would only work if some other user is able to create files that the
web server thinks are part of your domain (since the session cookies are
domain-specific). Sounds to me like your problem here is severe server
misconfiguration. If your server environment is that insecure, then
worrying
Pedro Pontes wrote:
Hi Jon,
I am considering doing that because any user can create a simple PHP script
with his/her object with the authenticated flag set to authorized,
register that object with the session and then link to any of my pages,
which if they don't make any kind of password