Re: [PHP] Dumb session / cookie / password questions

2002-07-10 Thread Richard Baskett
What I have done in the past is create a session variable that tells me that the person using that session is valid. It's really, really hard to spoof a session variable. I did it this way after a while since the original way that I did it was by checking their username/password in the session on

Re: [PHP] Dumb session / cookie / password questions

2002-07-10 Thread Martin Clifford
Firstly, you should ALWAYS use an encryption algorithm for passwords. For my site, I used md5() and match with that. That way, even if someone does get a hold of the encrypted password, it's not in their best interest (or maybe it is, if they're bored) to crack it. I haven't tested the

Re: [PHP] Dumb session / cookie / password questions

2002-07-10 Thread Alberto Serra
Hi! Martin Clifford wrote: Firstly, you should ALWAYS use an encryption algorithm for passwords. For my site, I used md5() and match with that. That way, even if someone does get a hold of the encrypted password, it's not in their best interest (or maybe it is, if they're bored) to