Cookies or sessions for PHP login?


strangefrogg

Guest
I'm a 'generalist'; namely, I'm THE IT guy at a midsize company. I'm just dabbling a bit in web design for knowledge for now but would like to actually put it to use in production at some point soon.

I'm playing with setting up log-in and security capabilities in a LAMP environment (Linux, Apache, MySQL, PHP) and I've completed a couple of web-based tutorials -- basic stuff -- create a little user table, create a registration page which encrypts the password, make a login page, make a page with secured stuff on it, etc., make a log out page...

...so far the examples I have been working with are using cookies. The login page creates a cookie with the username and (encrypted) password and then every subsequent page checks the cookie against the database...but this seems like it would be very cumbersome in production. Also, it doesn't seem like a particularly good idea to store a user's credentials on their machine, even if it is encrypted.

If I do use this stuff in production, the nature of my company's business requires that security is the overarching concern. Convenience and "Hi, Bob!" stuff is really not important. I'm fine with the user needing to log in again if he/she leaves the thing idle for more than a few minutes and/or closes the browser.

Again, I'm a PHP / MySQL semi-newbie, but would sessions make more sense for this? Probably a mix of the two?

Any help or references to 'best practices' for this, and/or tutorials with examples?
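
A session-based login that fits the requirements in the post above (re-login after a few idle minutes or when the browser closes, no credentials stored on the client), as an added example that is not part of the original post. The `users` table with `username` and `password_hash` columns, the `/login.php` path and the five-minute `IDLE_LIMIT` are assumptions, and passwords are assumed to be stored with `password_hash()` and checked with `password_verify()` rather than encrypted as in the tutorials.

```php
<?php
declare(strict_types=1);
// Added example; table/column names, /login.php and IDLE_LIMIT are assumptions.
const IDLE_LIMIT = 300; // seconds of inactivity before a new login is required

function start_secure_session(): void {
    ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,        // session cookie: discarded when the browser closes
        'path'     => '/',
        'secure'   => true,     // only sent over HTTPS
        'httponly' => true,     // not readable from JavaScript
        'samesite' => 'Strict', // not sent on cross-site requests
    ]);
    session_start();            // the cookie carries only a random session ID
}

function login(PDO $db, string $username, string $password): bool {
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if (!$row || !password_verify($password, $row['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);          // fresh ID at login prevents session fixation
    $_SESSION['user_id'] = (int) $row['id'];
    $_SESSION['last_seen'] = time();
    return true;
}

function logout(): void {
    $_SESSION = [];                                   // clear server-side state
    setcookie(session_name(), '', time() - 3600, '/'); // expire the browser's cookie
    session_destroy();
}

// Call at the top of every protected page, after start_secure_session().
function require_login(): int {
    $idle = time() - ($_SESSION['last_seen'] ?? 0);
    if (!isset($_SESSION['user_id']) || $idle > IDLE_LIMIT) {
        logout();
        header('Location: /login.php');
        exit;
    }
    $_SESSION['last_seen'] = time();      // activity resets the idle timer
    return $_SESSION['user_id'];
}
```

The idle limit is enforced server-side from `last_seen`, so it holds even if the browser keeps the cookie longer than expected.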
 