
Thread: simple php security question--is this code secure?

  1. #1
    Join Date
    Jul 2009

    simple php security question--is this code secure?

    I'm really new to PHP, and I'm trying to set up an admin page for my friend's site. He and I are the only ones who will ever need admin access.

    Is the following code secure?

    	// Compare the submitted credentials against hard-coded values
    	if ($_POST['username'] == "myusername" AND $_POST['password'] == "mypassword") {
    		echo "you made it!";
    	/* 	setcookie("admin", "true", time()+3600); */
    	} else {
    		echo "Access restricted.";
    	}

  2. #2
    Join Date
    Aug 2008
    Not really... maybe in a way, but you should use MySQL for that kind of stuff.

  3. #3
    Join Date
    Aug 2004
    Using a cookie like that is insecure, as a hacker could very easily set his own cookie. A session-based approach would probably be better.

    Some other considerations:

    1. If you are on a shared host, how securely is it configured? Could another account on the site run his own script and have it read your PHP source code, thus seeing your login credentials?

    2. Are you connecting via SSL (https)? If not, anyone "sniffing" the connection could capture your login/password.

    3. Are you using a "strong" password that would be virtually impossible to guess?
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework
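
The session-based approach suggested in reply #3, as an added example that is not part of the original thread. The `ADMIN_HASH` placeholder, the `is_admin` session key and the `attempt_login()` helper are assumptions made for illustration; the array form of `session_set_cookie_params()` needs PHP 7.3 or later.

```php
<?php
// Added example: session-based admin login (not code from the thread).
// ADMIN_HASH is a placeholder. Generate the real value once with
//   php -r 'echo password_hash("your-strong-password", PASSWORD_DEFAULT);'
// so the plaintext password never sits in the source file.
const ADMIN_USER = 'myusername';
const ADMIN_HASH = 'PASTE_PASSWORD_HASH_OUTPUT_HERE';

// The browser only receives a random session ID. The "is admin" flag
// lives on the server, so it cannot be set by editing a cookie.
session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'secure'   => true,      // send the session cookie over HTTPS only
    'httponly' => true,      // not readable from JavaScript
    'samesite' => 'Strict',
]);
session_start();

// Hypothetical helper: checks the credentials and marks the session.
function attempt_login(string $user, string $pass): bool
{
    // hash_equals() and password_verify() compare in constant time and
    // avoid the loose comparison rules that == applies to strings.
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($pass, ADMIN_HASH);
    if ($userOk && $passOk) {
        session_regenerate_id(true);   // fresh ID after the privilege change
        $_SESSION['is_admin'] = true;
        return true;
    }
    return false;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Treat missing or non-string (array) fields as empty input.
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';
    attempt_login($user, $pass);
}

if (empty($_SESSION['is_admin'])) {
    http_response_code(403);
    exit('Access restricted.');
}
echo 'you made it!';
```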
