Re: [PHP] Secure user authentication

2002-05-06 Thread Pedro Pontes
ut some facts.. > > > Hope I can help.. Would love to demonstrate some ideas/etc.. about how I do > security stuff.. > > > > Bye > ::: > : Julien Bonastre [The-Spectrum.org CEO] > : A.K.A. The_RadiX > : [EMAIL PROTECTED] >

Re: [PHP] Secure user authentication

2002-05-04 Thread The_RadiX
bout how I do security stuff.. Bye ::: : Julien Bonastre [The-Spectrum.org CEO] : A.K.A. The_RadiX : [EMAIL PROTECTED] : ABN: 64 235 749 494 : QUT Student :: 04475739 ::::::::::::::::::: ----- Original Message - From: "

Re: [PHP] Secure user authentication

2002-05-03 Thread Michael Kimsal
Pedro Pontes wrote: > Hi Jon, > > I am considering doing that because any user can create a simple PHP script > with his/her object with the authenticated flag set to "authorized", > register that object with the session and then link to any of my pages, > which if they don't make any kind of pas

Re: [PHP] Secure user authentication

2002-05-03 Thread Miguel Cruz
This would only work if some other user is able to create files that the web server thinks are part of your domain (since the session cookies are domain-specific). Sounds to me like your problem here is severe server misconfiguration. If your server environment is that insecure, then worrying abou

Re: [PHP] Secure user authentication

2002-05-03 Thread Pedro Pontes
Hi Jon, I am considering doing that because any user can create a simple PHP script with his/her object with the authenticated flag set to "authorized", register that object with the session and then link to any of my pages, which if they don't make any kind of password test, they will unsuspectl

RE: [PHP] Secure user authentication

2002-05-03 Thread Jon Haworth
Hi, > The method I was thinking about before was to pass > the md5 hash of the password around, as the passwords > are already md5'ed in the DB. Your method seems more > secure as you use a totally spiced-up and personalized > encryption engine. *boggle* Why are you passing the password aro

RE: [PHP] Secure user authentication

2002-05-03 Thread Brian McGarvie
ECTED]] Sent: 03 May 2002 15:14 To: [EMAIL PROTECTED]; Brian McGarvie Subject: Re: [PHP] Secure user authentication that is a good suggestion.. Using SSL to perform "sensitive" logins.. and then using some sort of "hidden" or "encrypted" passwords in your sessions shou

Re: [PHP] Secure user authentication

2002-05-03 Thread Pedro Pontes
First of all, thank you for your devoted answer. The method I was thinking about before was to pass the md5 hash of the password around, as the passwords are already md5'ed in the DB. Your method seems more secure as you use a totally spiced-up and personalized encryption engine. But, the main qu

Re: [PHP] Secure user authentication

2002-05-03 Thread The_RadiX
May 04, 2002 12:12 AM Subject: RE: [PHP] Secure user authentication another option is to use SSL for the login page/sensitive parts of the site that deal with any transfer of 'sensitive' data? -Original Message- From: Jon Haworth [mailto:[EMAIL PROTECTED]] Sent: 03 May 2002 15:08 To:

Re: [PHP] Secure user authentication

2002-05-03 Thread The_RadiX
PROTECTED] : ABN: 64 235 749 494 : QUT Student :: 04475739 ::: - Original Message - From: "Jon Haworth" <[EMAIL PROTECTED]> To: "'The_RadiX'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Satu

RE: [PHP] Secure user authentication

2002-05-03 Thread Brian McGarvie
another option is to use SSL for the login page/sensitive parts of the site that deal with any transfer of 'sensitive' data? -Original Message- From: Jon Haworth [mailto:[EMAIL PROTECTED]] Sent: 03 May 2002 15:08 To: 'The_RadiX'; [EMAIL PROTECTED] Subject: R

RE: [PHP] Secure user authentication

2002-05-03 Thread Jon Haworth
Hi, > but the password is put through my own fairly unbreakable > (yes.. I am serious) password key system.. > SO basically you'll end up with a nice 32 char string > which is QUITE safe to pass around and the chance anyone's > gonna decrypt it IMHO is about zilch, > And all you have to do, is