simple php security question--is this code secure?

**realmuffin** · 07-27-2009 01:42 PM

I'm really new to PHP, and I'm trying to set up an admin page for my friend's site. He and I are the only ones who will ever need admin access.

Is the following code secure?

Code:

<?php
	if (($_POST[username])=="myusername" AND $_POST[password]=="mypassword")
	{
		echo "you made it!";
	/* 	setcookie("admin", "true", time()+3600); */
	}
	else 
	{
		echo "Access restricted.";
	}
?>

**DanielDude** · 07-27-2009 02:16 PM

not really... maybe in a way but you should use MySQL for that kind of stuff.

**NogDog** · 07-27-2009 02:42 PM

Using a cookie like that is insecure, as a hacker could very easily set his own cookie. A session-based approach would probably be better.

Some other considerations:

1. If you are on a shared host, how securely is it configured? Could another account on the site run his own script and have it read your PHP source code, thus seeing your login credentials?

2. Are you connecting via SSL (https)? If not, anyone "sniffing" the connection could could capture your login/password.

3. Are you using a "strong" password that would be virtually impossible to guess?

Thread: simple php security question--is this code secure?

Thread Tools

Display

simple php security question--is this code secure?

Thread Information

Users Browsing this Thread

Tags for this Thread

Bookmarks

Bookmarks

Posting Permissions