Tips for writing secure PHP?

S

Steve

New member
Don't store their password in the session.
When they sign up encrypt their password before you put it in the database.
I used to use http://us.php.net/manual/en/function.md5.php I believe but it has been a while.

Then when they sign in encrypt the password they typed in and then compare it to the encrypted password in the database. Don't store their actual password in case the database is compromised.

You should also read up on public keys and private keys: http://en.wikipedia.org/wiki/Public-key_cryptography.

and also SQL injection:
http://en.wikipedia.org/wiki/Sql_injection
 
I am working on a log in system for my website. Can someone tell me if this is safe PHP? I am creating a salt with md5 and sha1. Then I am combining the salt with my password and then hashing it again. Is this safe? Also, is this the proper way to read session variables?
if($password != $_SESSION['password']) {
return false;
}

I want to make sure my website is a s safe as possible? Any tips?
 
Don't store their password in the session.
When they sign up encrypt their password before you put it in the database.
I used to use http://us.php.net/manual/en/function.md5.php I believe but it has been a while.

Then when they sign in encrypt the password they typed in and then compare it to the encrypted password in the database. Don't store their actual password in case the database is compromised.

You should also read up on public keys and private keys: http://en.wikipedia.org/wiki/Public-key_cryptography.

and also SQL injection:
http://en.wikipedia.org/wiki/Sql_injection
 
Back
Top