Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Noob security question
- What nickname do you want?
December 21, 2005, 11:08 am
rate this thread
done. Firstly the relevant pages are in a folder to which Apache
requires password authentication. Then I have an HTML page with a form
to enter (MySQL) ID and password, which I POST to a PHP page which
tries to connect to the MySQL database, and if so starts a session...
$id = $_POST['ID'];
if ($connect=mysql_pconnect("localhost",$id,$pass) )
echo "Connected - using database 'test'<br>";
header("Location: http://127.0.0.1 ");
Subsequent PHP pages are like:
$duration = time()-$start;
header ("Location: http://127.0.0.1/timeout.htm ");
Is this reasonably secure? What are the obvious holes? TIA
Re: Noob security question
with sha1) as well as use SSL to encrypt communications between the
browser and the server. PHP session security can be discussed at length
but some issues you should consider are session hijacking, session
fixation, cross-site scripting, cross-site forgery requests, etc.