Topic awaiting preservation: PHP Sessions with Sensitive Information (Page 1 of 1) |
|
---|---|
Maniac (V) Mad Scientist From: Rochester, New York, USA |
posted 11-29-2003 03:26
I am attempting to allow for a user to remain logged into a content management system I am creating using PHP but am having some trouble coming up with a method of securing the session data. You can read this in two ways simple guide to preform a simple system hack, or to offer your advice on alternate solutions. code: $sql = SELECT id FROM table WHERE username = '$username' AND password = '$password';
code: session_start();
|
Paranoid (IV) Mad Scientist with Finglongers From: Germany |
posted 11-29-2003 10:12
come in again, warmage: |
Maniac (V) Mad Scientist From: Rochester, New York, USA |
posted 11-29-2003 13:48
why would http://site.com/mainCMSpage.php?login_user_id=1 lead to $_SESSION['login_user_id'] being set? |
Paranoid (IV) Mad Scientist with Finglongers From: Germany |
posted 11-29-2003 14:50
I feel you're having a missbelief here, WarMage: |
Bipolar (III) Inmate From: Brisbane |
posted 11-29-2003 15:31
Why no cookies? |
Maniac (V) Mad Scientist From: Rochester, New York, USA |
posted 11-29-2003 16:07
Well, it was the first solution that made me feel much more secure. I was under the impression that Register_Globals was off, but I believe they(the server admin) must have turned it back during some previous update. Once I disabled it via .htaccess everything seemed pretty good. |