Topic: Login Script - Best Practice (Page 1 of 1)

 
Orion
Nervous Wreck (II) Inmate

From:
Insane since: Aug 2006

posted 01-08-2009 23:58

Hey, just trying to tighten the security of a login script I wrote. I've been reading a lot of different scripts but couldn't really find the best practices. One thing I have noticed was that many scripts were verifying $_POST vars directly from post, such as

code:
// Pattern seen in many scripts: raw $_POST values interpolated straight into the SQL string
$sql = "SELECT * FROM eg WHERE user='$_POST[user]' AND pass='" . sha1($_POST['pass']) . "'";  // or md5()



just for example

I've always assigned the $_POST to a var first, then verified the var... is that not safe?

Arthurio
Paranoid (IV) Inmate

From: cell 3736
Insane since: Jul 2003

posted 01-09-2009 08:58

The example you gave is basically the worst possible practice.

quote:
Orion said:
I've always assigned the $_POST to a var first, then verified the var... is that not safe?

This is a better way.

Here's a good tutorial.

Also, parameterized queries are a good practice (see the thread "One Project - want to set up on multiple databases - where do I start").
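To make the difference between the two approaches discussed in this thread concrete, here is an added example that is not code from either poster. It uses Python with the standard-library sqlite3 module instead of PHP/MySQL so it runs stand-alone; the `eg` table, the single `admin` user and the attacker input are all constructed for the demo, and sha1 is kept only to mirror the post. The interpolated version copies the POST fields into local variables first, exactly the habit asked about above, and is still bypassed; the placeholder version is not.

```python
import hashlib
import sqlite3

# Constructed stand-in for the thread's `eg` table: one user, password stored as
# an unsalted sha1 hex digest to mirror the post (a real system should use a
# salted, slow password hash such as bcrypt or argon2 instead).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE eg (user TEXT PRIMARY KEY, pass TEXT)")
    db.execute("INSERT INTO eg VALUES (?, ?)",
               ("admin", hashlib.sha1(b"correct horse").hexdigest()))
    db.commit()
    return db


def login_interpolated(db, post):
    """The pattern questioned in the thread: copy the $_POST fields into local
    variables first, then build the SQL by string interpolation.  The copy
    changes nothing; whatever the client sent becomes part of the query text."""
    user = post["user"]  # "sanitised" only by being copied into a variable
    pw_hash = hashlib.sha1(post["pass"].encode()).hexdigest()
    sql = f"SELECT user FROM eg WHERE user='{user}' AND pass='{pw_hash}'"
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, post):
    """Same check with placeholders: the values travel separately from the
    statement, so a quote in the username is just a character in a string."""
    pw_hash = hashlib.sha1(post["pass"].encode()).hexdigest()
    row = db.execute("SELECT user FROM eg WHERE user=? AND pass=?",
                     (post["user"], pw_hash)).fetchone()
    return row is not None


def run_demo():
    """Returns (good creds via interpolation, bypass via interpolation,
    good creds via parameters, bypass attempt via parameters)."""
    db = make_db()
    good = {"user": "admin", "pass": "correct horse"}
    # Constructed attacker input: closes the quote and ORs in a true clause.
    # The interpolated query becomes
    #   ... WHERE user='admin' OR '1'='1' AND pass='<sha1 of "wrong">'
    # and AND binds tighter than OR, so user='admin' alone satisfies it.
    evil = {"user": "admin' OR '1'='1", "pass": "wrong"}
    return (login_interpolated(db, good),
            login_interpolated(db, evil),
            login_parameterized(db, good),
            login_parameterized(db, evil))


if __name__ == "__main__":
    print(run_demo())  # (True, True, True, False)
```

The second result is the one that matters: with string building, the attacker logs in as admin without knowing the password, whether or not the value passed through a local variable first. With placeholders the same input simply fails to match a username. The same holds for PHP with mysqli or PDO prepared statements; the driver, not the script, keeps data and SQL apart.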

Orion
Nervous Wreck (II) Inmate

From:
Insane since: Aug 2006

posted 01-09-2009 09:12

Thanks Arthurio, that's one of the articles/examples I'm digging through right now. I'm combining about 4 different things at the moment but was really wondering about the grabbing of vars. Thanks =)
