Re: [PHP] secure login

2007-04-16 Thread Richard Lynch
On Sun, April 15, 2007 4:15 am, Ross wrote: > > I am creating a single user secure login based on this: > > http://www.phpnoise.com/tutorials/26/1 For just one user, I'd just tossing in an .htaccess and .htpasswd file, personally, and not bother with page after page of PHP. > Can anyone see any p

Re: [PHP] secure login

2007-04-15 Thread tedd
I am creating a single user secure login based on this: http://www.phpnoise.com/tutorials/26/1 Can anyone see any potential security issues with this method? Where should I store the password/username can I just have it located in the pagehead? R. Ross: Yes, as Stut pointed out, the example

Re: [PHP] secure login

2007-04-15 Thread Stut
Ross wrote: I am creating a single user secure login based on this: http://www.phpnoise.com/tutorials/26/1 Can anyone see any potential security issues with this method? Where should I store the password/username can I just have it located in the pagehead? I would be careful about using any

Re: [PHP] secure login

2007-04-15 Thread Alain Roger
Hi Ross, I previously worked on this theme and the general feeling / feedback from the mailing list was the following one : - access to your login window, via HTTPS (SSL) - hash you password (inspired by : http://phpsec.org/articles/2005/password-hashing.html) - when user is authenticated, you c

[PHP] secure login

2007-04-15 Thread Ross
I am creating a single user secure login based on this: http://www.phpnoise.com/tutorials/26/1 Can anyone see any potential security issues with this method? Where should I store the password/username can I just have it located in the pagehead? R. -- PHP General Mailing List (http://www.p

Re: [PHP] Secure login script

2004-05-31 Thread Raj Shekhar
On Mon, 31 May 2004 16:11:07 -0600, René Fournier <[EMAIL PROTECTED]> wrote: > If I MUST learn these two things in order to copy the > security of the sample script, I will, but is it really necessary in > your opinion? Let me see. Will you let a surgeon who does not know how to handle a scalpel t

[PHP] Secure login script

2004-05-31 Thread René Fournier
The link I posted previously is causing me some grief, apparently because I don't know the first thing about object-oriented PHP or PEAR. Here's the thing: If I MUST learn these two things in order to copy the security of the sample script, I will, but is it really necessary in your opinion? .