Security Question?
welsh
12-17-2005, 09:27 PM
Hey, I've got a few questions. I've made a login using PHP that is connected to a MySQL database, but how secure is this? I'm wondering because I'm going to be making another website with a PHP and MySQL login for an online magazine and such, and I'm just trying to figure out how to make it as secure as possible. Would making the PHP parts in a .inc file and then making a .htaccess file locking those .inc files be the safest way?
NogDog
12-17-2005, 10:06 PM
The more layers of security, the better.
Note that you can even put the include file(s) in a directory that is not in the htdocs directory tree, so that you don't even need .htaccess protection on them.
cafrow
12-17-2005, 10:56 PM
Making a website secure is kind of like running in a circle: no matter how much work you put into securing a site, there is going to be a real pro out there who can get in. I try to make my sites as secure as possible by using a combination of things. One of them is using SSL; this will prevent logins and passwords from being sent over plain text. Now, I know SSL is not that hard to crack, but at least it's a start.

The first thing to do is use MD5() for storing passwords in the MySQL database; this will prevent someone that hacks into your MySQL server from being able to read plain text usernames. Second is to use random passwords for your MySQL account and your hosting control panel; using Admin : password is just asking to get hacked into. Another feature would be to use some sort of checking to make sure that user input that is being sent to a MySQL query is properly commented out and is the correct input type.

If you do just a few checks with PHP for security, you are pretty much making it easier for a hacker to gain access to your site through a backdoor, such as a security hole in your hosting control panel software, FTP server software or web server software, and from there your server OS or other sites hosted on the same server, then the firewalls and other security features of your ISP where your server is located. I know there are TONS of security articles about PHP and MySQL; I hope this is a good start for you.
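The points made in the two replies above (keeping the include outside the web root, requiring SSL for the form, checking input type before it reaches a query, and not storing plain text passwords) put together as one login page. This is an added example, not code posted in the thread; the include path /var/www/private/db.inc.php, the variables it defines, the users table and its columns are assumptions for illustration. It assumes PHP 5.5 or later with the mysqli extension, and uses password_hash() for storage (a choice made in this example).

```php
<?php
// Added example, not code from the thread. A minimal PHP/MySQL login page.
// Assumed for illustration: /var/www/private/db.inc.php defines $db_host,
// $db_user, $db_pass, $db_name, and the database has the table
//   CREATE TABLE users (id INT AUTO_INCREMENT PRIMARY KEY,
//                       username VARCHAR(32) UNIQUE NOT NULL,
//                       pw_hash VARCHAR(255) NOT NULL);

session_start();

// Refuse to handle credentials over plain HTTP at all.
if (empty($_SERVER['HTTPS']) || $_SERVER['HTTPS'] === 'off') {
    http_response_code(403);
    exit('This page must be requested over HTTPS');
}

// The include lives one level above htdocs, so the web server can never serve
// it even if the .htaccess rules protecting *.inc are lost or misconfigured.
require __DIR__ . '/../private/db.inc.php';

$mysqli = new mysqli($db_host, $db_user, $db_pass, $db_name);
if ($mysqli->connect_errno) {
    http_response_code(500);
    exit('Database unavailable');   // never echo connect_error to the browser
}

// Shape check before any query: letters, digits, underscore, 3 to 32 chars.
function valid_username($u)
{
    return is_string($u) && preg_match('/^[A-Za-z0-9_]{3,32}$/', $u) === 1;
}

// The string-built query this replaces,
//   "SELECT ... WHERE username = '" . $_POST['username'] . "'",
// lets an input such as   admin' --   comment out the rest of the WHERE clause.
// A bound parameter travels separately from the SQL text, so it cannot change
// the structure of the query no matter what characters it contains.
function find_user(mysqli $db, $username)
{
    $stmt = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ? LIMIT 1');
    $stmt->bind_param('s', $username);
    $stmt->execute();
    $stmt->bind_result($id, $hash);
    $row = $stmt->fetch() ? array('id' => $id, 'pw_hash' => $hash) : null;
    $stmt->close();
    return $row;
}

function register(mysqli $db, $username, $password)
{
    if (!valid_username($username) || !is_string($password) || strlen($password) < 8) {
        return false;
    }
    // Salted, deliberately slow hash; the salt is generated and stored in $hash.
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    $stmt->bind_param('ss', $username, $hash);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}

function login(mysqli $db, $username, $password)
{
    if (!valid_username($username) || !is_string($password)) {
        return false;
    }
    $row = find_user($db, $username);
    // Verify against a dummy hash when the user is unknown, so response time
    // does not reveal which usernames exist.
    static $dummy = null;
    if ($dummy === null) {
        $dummy = password_hash('not-a-real-password', PASSWORD_DEFAULT);
    }
    $ok = password_verify($password, $row ? $row['pw_hash'] : $dummy) && $row !== null;
    if (!$ok) {
        return false;
    }
    session_regenerate_id(true);    // fresh session id once authenticated
    $_SESSION['uid'] = $row['id'];
    return true;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $user = isset($_POST['username']) ? $_POST['username'] : '';
    $pass = isset($_POST['password']) ? $_POST['password'] : '';
    if (login($mysqli, $user, $pass)) {
        header('Location: /members/', true, 303);
    } else {
        http_response_code(401);
        echo 'Login failed';        // same message for unknown user and wrong password
    }
    exit;
}
```

The three pieces that matter most for the original question are the require line (the file is simply not under the document root, so no .htaccess rule is needed for it), the prepared statement in find_user() (the only defence that does not depend on guessing every character an attacker might send), and the fact that the failure message and timing are the same whether the username exists or not.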
welsh
12-17-2005, 11:14 PM
OK, so basically it's like staying warm: the more layers, the warmer you get. The more security, the safer it becomes, but I know there will always be someone who will be able to hack it. Thanks for the info.
cafrow
12-18-2005, 11:41 AM
Pretty much; however, unlike with staying warm, if you have a hole in one of the first levels, that probably would allow someone in. Another great example of nothing really being secure is our multi-BILLION-dollar company called Microsoft, which gets hacked and defaced on a regular basis. If a company like Microsoft can get hacked into, then none of us can really be secure.
NogDog
12-18-2005, 11:44 AM
Pretty much; however, unlike with staying warm, if you have a hole in one of the first levels, that probably would allow someone in. Another great example of nothing really being secure is our multi-BILLION-dollar company called Microsoft, which gets hacked and defaced on a regular basis. If a company like Microsoft can get hacked into, then none of us can really be secure.
Of course, M$ is at a disadvantage security-wise because they use Windows. ;)
LiLcRaZyFuZzY
12-18-2005, 11:50 AM
Cisco's Sys. servers got hacked once, though they are security pros ;)
Reli4nt
12-18-2005, 12:46 PM
Of course, M$ is at a disadvantage security-wise because they use Windows. ;)
LOL
cafrow
12-18-2005, 10:03 PM
Of course, M$ is at a disadvantage security-wise because they use Windows. ;)
Not wanting to start a Windows/Linux war, but recently, since Windows 2003 Server came out, studies have shown that Windows is easier to make secure than Linux; the studies showed that it did NOT take a total security expert to make Windows secure, whereas with Linux you have to know how to change code and pretty much customize Linux for it to be secure. Don't get me wrong: my company recently asked me to help create a new startup company, and I advised using Linux as it's free and can be VERY secure if we hire a Linux specialist to come in, plus the fact that we can cluster Linux very easily.
PS. The last major hack that I heard of against M$ was in Turkey; their servers were hacked because a few hackers found Linux boxes running as routers and servers on a private Microsoft network. They got pissed and decided to crash the network and pretty much wipe out the Linux boxes. So apparently Microsoft does not only run Windows (this was a few years back, btw).