Security

PHP login

Friday, September 7th, 2007 in PHP, Security | 14 comments

After searching the web for a PHP login script (and you can find tons of them), I declared myself a little bit unsatisfied. I was looking for something simple yet powerful, and I found all sorts of login scripts (a lot of them not safe at all). By the way, as a warning, BEWARE OF THE LOGIN SCRIPTS THAT HAVE SOMETHING LIKE: $_SESSION['has_access'] = true; IN THEIR CODE, followed by the explanation: "and you simply check the pages using if($_SESSION['has_access'])". They are not safe at all, but that's another discussion.

So, what was I looking for? Well, as I said before, the login script should be small, reusable, simple to understand and implement, and it should check the user on every page (and I mean CHECK like … strip search). Since what the web had to offer was not good enough, I started implementing my own code.

In order to make it reusable, I thought about creating an object to do this task for me. So, what this PHP login script does is actually quite simple: for every secured page it is installed on, it checks, using the data stored in the session, whether the user credentials are OK, and if they are, it returns his/her details from the database. (more…)

Who can access your admin page?

Saturday, June 16th, 2007 in Security | no comments

Normally, the answer to that question would be: the administrator of the website. Well… not always. By now you have all heard of MySQL injection. At this moment, I know of at least 5 websites developed by WEB COMPANIES (yes, you read it well, those companies that have on the index page of their website the words: WE ARE PROFESSIONALS) that have security holes. (more…)

A little about SQL injection

Saturday, April 14th, 2007 in Security | 3 comments

I read some time ago on a website the following line: May the best of your past be the worst of your future. Amen to that brother!

Over time I've seen good applications, bad applications and not-so-good applications. The question that must be answered here is simple: how do we create a fairly safe PHP application? (more…)