ut some facts..
>
>
> Hope I can help.. Would love to demonstate some ideas/etc.. about how I do
> security stuff..
>
>
>
> Bye
> :::
> : Julien Bonastre [The-Spectrum.org CEO]
> : A.K.A. The_RadiX
> : [EMAIL PROTECTED]
>
bout how I do
security stuff..
Bye
:::
: Julien Bonastre [The-Spectrum.org CEO]
: A.K.A. The_RadiX
: [EMAIL PROTECTED]
: ABN: 64 235 749 494
: QUT Student :: 04475739
:::::::::::::::
----- Original Message -
From: &quo
Pedro Pontes wrote:
> Hi Jon,
>
> I am considering doing that because any user can create a simple PHP script
> with his/her object with the authenticated flag set to "authorized",
> register that object with the session and then link to any of my pages,
> which if they don't make any kind of pas
This would only work if some other user is able to create files that the
web server thinks are part of your domain (since the session cookies are
domain-specific). Sounds to me like your problem here is severe server
misconfiguration. If your server environment is that insecure, then
worrying abou
Hi Jon,
I am considering doing that because any user can create a simple PHP script
with his/her object with the authenticated flag set to "authorized",
register that object with the session and then link to any of my pages,
which if they don't make any kind of password test, they will unsuspectl
Hi,
> The method I was thinking about before was to pass
> the md5 hash of the password around, as the passwords
> are already md5'ed in the DB. Your method seems more
> secure as you use a totally spiced-up and personalized
> encryption engine.
*boggle*
Why are you passing the password aro
ECTED]]
Sent: 03 May 2002 15:14
To: [EMAIL PROTECTED]; Brian McGarvie
Subject: Re: [PHP] Secure user authentication
that is a good suggestion..
Using SSL to perform "sensitive" logins.. and then using some sort of
"hidden" or "encrypted" passwords in your sessions shou
; Ok hope that helps
>
> :::
> : Julien Bonastre [The-Spectrum.org CEO]
> : A.K.A. The_RadiX
> : [EMAIL PROTECTED]
> : ABN: 64 235 749 494
> : QUT Student :: 04475739
> :::
> - Original
May 04, 2002 12:12 AM
Subject: RE: [PHP] Secure user authentication
another option is to use SSL for the login page/sensitive parts of the
site that deal with any transfer of 'sensitive' data?
-Original Message-
From: Jon Haworth [mailto:[EMAIL PROTECTED]]
Sent: 03 May 2002 15:08
To:
PROTECTED]
: ABN: 64 235 749 494
: QUT Student :: 04475739
:::
- Original Message -
From: "Jon Haworth" <[EMAIL PROTECTED]>
To: "'The_RadiX'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Satu
another option is to use SSL for the login page/sensitive parts of the
site that deal with any transfer of 'sensitive' data?
-Original Message-
From: Jon Haworth [mailto:[EMAIL PROTECTED]]
Sent: 03 May 2002 15:08
To: 'The_RadiX'; [EMAIL PROTECTED]
Subject: R
Hi,
> but the password is put through my own fairly unbreakable
> (yes.. I am serious) password key system..
> SO basically you'll end up with a nice 32 char string
> which is QUITE safe to pass around and the chance anyone's
> gonna decrypt it IMHO is about zilch,
> And all you have to do, is
re [The-Spectrum.org CEO]
: A.K.A. The_RadiX
: [EMAIL PROTECTED]
: ABN: 64 235 749 494
: QUT Student :: 04475739
:::
- Original Message -
From: "Pedro Pontes" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, May 03, 2002
Hello,
I'm using the regular user authentication method, that is, check the
specified login/pass agains't the entries in the DB, if it is valid, create
the user object and register it with the section.
How can we prevent any user from creating a simple PHP page that creates a
simmilar user objec
14 matches
Mail list logo
