SitePoint Sponsor

User Tag List

Results 1 to 6 of 6
  1. #1
    SitePoint Enthusiast
    Join Date
    Jun 2000
    Location
    Cork, Ireland
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    If I use the html password type in a form to enter my site, is this secure. I have a secure ssl server so it should be okay, I hope.

    Just looking for verification.

    Thanks.

  2. #2
    Serial Publisher silver trophy aspen's Avatar
    Join Date
    Aug 1999
    Location
    East Lansing, MI USA
    Posts
    12,937
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    <input type = "password"> Is secure for people looking over your shoulder. If you want it secure using SSL you need it put it in that secure directory, meaning the logon files.


  3. #3
    SitePoint Enthusiast
    Join Date
    Jun 2000
    Location
    Cork, Ireland
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    OK, thanks,

    One more question...

    Should I store passwords in my mysql database encrypted or is it OK to store them as ordinary text. Note my site is SSL secure.

  4. #4
    SitePoint Wizard
    Join Date
    Jul 1999
    Location
    Chicago
    Posts
    2,629
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    It would be pretty easy just to crypt() then and store them in a mysql database. Then just crypt() the password that was inputted and see if the two match.

    Added protection with almost no work.

  5. #5
    Your Lord and Master, Foamy gold trophy Hierophant's Avatar
    Join Date
    Aug 1999
    Location
    Lancaster, Ca. USA
    Posts
    12,305
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I agree.. always store passwords in an encrypted format whether your site is behind SSL or not. If anyone got that file its one more step they have to go through.

    ------------------
    Wayne Luke - Sitepoint Forums Administrator
    Digital Magician Magazine - MetaQuark Creations (Coming Soon)
    sitepoint@digitalmagician.com

  6. #6
    SitePoint Enthusiast
    Join Date
    Jun 2000
    Location
    Cork, Ireland
    Posts
    44
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Thanks!!!

    Last question, where do I go to learn about .htaccess

    I trust this is what I use to guard entry to particular folders on my site, does this also let me decide which folders are ssl protected or not.

    Thanks for you help again


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •