PHP Classes
Icontem

Subject: security hole


  Search   All class groups All class groups   Latest entries Latest entries   Top 10 charts Top 10 charts   Newsletter Newsletter   Blog Blog   Forums Forums   Help FAQ Help FAQ  
  Login   Register  
Recommend this page to a friend!

      Login Script   All threads   security hole   (Un) Subscribe thread alerts  
Subject:security hole
Summary:encryption is missing
Messages:1
Author:Hillebrand
Date:2008-07-04 10:21:20
 

  1. security hole   Reply  
Picture of Hillebrand
Hillebrand
2008-07-04 10:21:24
hi,
i tested the script and i noticed that the stored password is not encrypted like md5 or so. this would be necessary because if not you send the clean password through the net.

better is
a) storing the password inside the db md5 - encrypted
b) sending the password from the form after encryting it to md5. so noone can fetch the clean password an abuse the login.

greetings

guido

 
  Advertise on this site Advertise on this site   Site map Site map   Statistics Statistics   Site tips Site tips   Privacy policy Privacy policy   Contact Contact  
For more information send a message to :
info at phpclasses dot org.
Copyright (c) Icontem 1999-2008 PHP Classes - PHP Class Scripts
  PHP Book Reviews - Reviews of books and other products