simple php security question--is this code secure?
I'm really new to PHP, and I'm trying to set up an admin page for my friend's site. He and I are the only ones who will ever need admin access.
Is the following code secure?
// Compare the submitted credentials against the hard-coded values.
if ($_POST['username'] == "myusername" AND $_POST['password'] == "mypassword") {
    echo "you made it!";
    /* setcookie("admin", "true", time()+3600); */
} else {
    echo "Access restricted.";
}
not really... maybe in a way but you should use MySQL for that kind of stuff.
Using a cookie like that is insecure, as a hacker could very easily set his own cookie. A session-based approach would probably be better.
Some other considerations:
1. If you are on a shared host, how securely is it configured? Could another account on the site run his own script and have it read your PHP source code, thus seeing your login credentials?
2. Are you connecting via SSL (https)? If not, anyone "sniffing" the connection could capture your login/password.
3. Are you using a "strong" password that would be virtually impossible to guess?
"Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
~ Terry Pratchett in Nation
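The session-based approach suggested in the reply above, as an added example that is not part of the original thread: the admin flag is kept in server-side session data instead of a cookie the client can set, and the password is checked against a hash rather than stored in the source. ADMIN_HASH is a placeholder, check_login() and the is_admin session key are hypothetical names, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Constructed values. ADMIN_HASH is a placeholder: generate the real one once
// with password_hash('your password', PASSWORD_DEFAULT) and paste it here.
const ADMIN_USER = 'myusername';
const ADMIN_HASH = 'REPLACE_WITH_PASSWORD_HASH_OUTPUT';

// Send the session cookie over HTTPS only and hide it from JavaScript.
session_set_cookie_params([
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Strict',
]);
session_start();

function check_login(string $user, string $pass): bool
{
    // Evaluate both checks every time so the response time does not reveal
    // which of the two fields was wrong.
    $userOk = hash_equals(ADMIN_USER, $user);
    $passOk = password_verify($pass, ADMIN_HASH);
    return $userOk && $passOk;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Non-string input (such as an array) is treated as empty.
    $user = is_string($_POST['username'] ?? null) ? $_POST['username'] : '';
    $pass = is_string($_POST['password'] ?? null) ? $_POST['password'] : '';

    if (check_login($user, $pass)) {
        // A new session ID on privilege change prevents session fixation.
        session_regenerate_id(true);
        $_SESSION['is_admin'] = true;
    }
}

// The flag lives on the server; the browser only holds an opaque session ID.
if (empty($_SESSION['is_admin'])) {
    http_response_code(403);
    exit('Access restricted.');
}

echo 'you made it!';
```

Every other admin page would start the session the same way and repeat the is_admin check before producing any output.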