dcsimg
www.webdeveloper.com
Results 1 to 2 of 2

Thread: [RESOLVED] Database Login Credentials

  1. #1
    Join Date
    Jan 2015
    Location
    Dallas
    Posts
    138

    resolved [RESOLVED] Database Login Credentials

    When I first started this project, PHP was new to me and I didn't have a clue how to use it. Here, seven months later, I still don't know what I'm doing.

    I have 47 pages that are MySQL intensive. Each client has their own login credentials to the database. I've been using the $_SESSION global to carry these credentials across the pages. I realize this is a huge security issue, but I don't know any other way to keep their username / password handy as they log in and out of the database. I've searched and not found anything resembling my need here. Most of the discussions relate to setting $_SESSION['foo'] = 'bar' and carying that from page to page.

    I cld really use some insight on this. Thanks.

  2. #2
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    21,443
    It's only insecure if (a) someone can hijack a session, and then (b) find a hole in you application that allows them to display the data in $_SESSION. If (a) is true, you already have a bunch of security issues that need addressing.
    "Well done....Consciousness to sarcasm in five seconds!" ~ Terry Pratchett, Night Watch

    How to Ask Questions the Smart Way (not affiliated with this site, but well worth reading)

    My Blog
    cwrBlog: simple, no-database PHP blogging framework

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles