SitePoint Sponsor

User Tag List

Results 1 to 2 of 2
  1. #1
    SitePoint Enthusiast Darklightmw's Avatar
    Join Date
    Oct 2004
    Location
    houston
    Posts
    27
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    secure password protection

    I am making a user system and am trying to create a secure password logging thing. I want to make it so once you have logged on it stays logged on until you log off, but when I made it with cookies it could easily be hacked since changing the value of the cookie changes who you are logged in as. Any suggestions to make this more secure? Thanks!
    where are the snowdens of yesteryear?

  2. #2
    Application Developer shabbirbhimani's Avatar
    Join Date
    Apr 2004
    Location
    India
    Posts
    2,272
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I am making a user system and am trying to create a secure password logging thing. I want to make it so once you have logged on it stays logged on until you log off, but when I made it with cookies it could easily be hacked since changing the value of the cookie changes who you are logged in as. Any suggestions to make this more secure? Thanks!
    Using sessions to check the login system is better. I tell you the wrkflow

    Say whenever anyone logs in his session starts and his cookies are set[depending on remember me option]. Now when he tries to login second time check the session if it exists if exists he is logged in. Else check the md5 encrypted password cookies to verify whether he is authorised user and then validate him with database.

    This needs you to encrypt the password so that tampering the cookies can be done only on username and if password is tempered he will not be able to logged in. So I guess this will give you much secured login system.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •