www.webdeveloper.com

Thread: simple php security question--is this code secure?

  1. #1
    Join Date
    Jul 2009
    Posts
    77

    Question simple php security question--is this code secure?

    I'm really new to PHP, and I'm trying to set up an admin page for my friend's site. He and I are the only ones who will ever need admin access.

    Is the following code secure?

    Code:
    <?php
    	// Compare the submitted credentials against hard-coded values
    	if (($_POST['username'])=="myusername" AND $_POST['password']=="mypassword")
    	{
    		echo "you made it!";
    	/* 	setcookie("admin", "true", time()+3600); */
    	}
    	else 
    	{
    		echo "Access restricted.";
    	}
    ?>

  2. #2
    Join Date
    Aug 2008
    Posts
    36
    Not really... maybe in a way, but you should use MySQL for that kind of stuff.

  3. #3
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    18,933
    Using a cookie like that is insecure, as a hacker could very easily set his own cookie. A session-based approach would probably be better.

    Some other considerations:

    1. If you are on a shared host, how securely is it configured? Could another account on the site run his own script and have it read your PHP source code, thus seeing your login credentials?

    2. Are you connecting via SSL (https)? If not, anyone "sniffing" the connection could capture your login/password.

    3. Are you using a "strong" password that would be virtually impossible to guess?
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us
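
A session-based version of the login check, following the suggestion in reply #3; this is an added example, not code from any poster in the thread. The environment variable names `ADMIN_USER` and `ADMIN_PASSWORD_HASH`, the session keys and the `is_admin()` helper are assumptions made for illustration, and the stored hash is assumed to have been produced once with `password_hash()` so that no plaintext password sits in the PHP source.

```php
<?php
declare(strict_types=1);

// Session cookie is only sent over HTTPS and is not readable from JavaScript.
session_set_cookie_params([
    'lifetime' => 0,
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

// Hypothetical configuration: ADMIN_USER and ADMIN_PASSWORD_HASH are assumed
// environment variables; the hash comes from password_hash($pw, PASSWORD_DEFAULT).
function check_login(string $user, string $pass): bool
{
    $adminUser = getenv('ADMIN_USER') ?: '';
    $adminHash = getenv('ADMIN_PASSWORD_HASH') ?: '';
    if ($adminUser === '' || $adminHash === '') {
        return false; // not configured: fail closed
    }
    // Evaluate both checks before combining so timing does not reveal which one failed.
    $userOk = hash_equals($adminUser, $user);
    $passOk = password_verify($pass, $adminHash);
    return $userOk && $passOk;
}

// Guard for other admin pages: the flag lives server-side, so the client
// cannot set it; the one-hour limit mirrors the time()+3600 in the question.
function is_admin(): bool
{
    return !empty($_SESSION['is_admin'])
        && (time() - (int)($_SESSION['login_time'] ?? 0)) < 3600;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Reject non-string input such as username[]=x before comparing.
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (check_login($user, $pass)) {
        session_regenerate_id(true);   // fresh session id after login
        $_SESSION['is_admin'] = true;
        $_SESSION['login_time'] = time();
        echo 'you made it!';
        exit;
    }
}

http_response_code(403);
echo 'Access restricted.';
```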
