Custom session handling and safer passwords
- Author: Olaf
- Filed under: PHP scripts
Sep 16,2006
The latest update of the Access_user Class was focussed on a better security especially while usage on shared web hosts. Philp Olson noticed me about the problem of session storage on most of the shared hosting platforms.
I added to the class an external object which is based on a Zend tutorial, this way it was possible to solve this problem very quick. Further the password strings are encoded after the user has entered his password and submitted the string to the database. Also the password stored in the cookie is md5-encoded now.
I created for the existing user a list of all code updates in as special thread of the Access_user support forum.
Related posts
3 Responses for "Custom session handling and safer passwords"
Leave a reply
Categories
Latest Posts
- 4th of July Lottery from TemplateMonster.com
- Impressions from the Google I/0 conference
- More advanced features in phpMyAdmin
- Database Management with phpMyAdmin
- Website layout dimensions today
- Optimizing your Wordpress Blog for Google: Part 2
- Easy payments using Paypal IPN
- Optimizing your Wordpress Blog for Google: Part 1
- Using Wordpress widgets for an improved blogging experience
- New Support forum for finalwebsites.com
Meta
Top Commentators
- eworldhost (2)
- seo (1)
- dave (1)
- Sefru (1)
- Tamara (1)
- James Benson (1)
- Michelle (1)
Recent Comments
- Olaf: Please post further questions via the forum.
- Olaf: Please post further questions via the forum.
- Tutorials, Tips and Resource: [...] PayPal Payments Using IPN [...]
- eworldhost: I think you raised a very valid point.
- eworldhost: Thanks for the info. I never knew PHPMyAdmin
- Tamara: thanks a lot for such an exhaustive list
- Olaf: The promo is over an the winners are
- Olaf: you need to replace all single and double
- Sefru: I tried to use this script but I
- Olaf: Hi Dave, you don't need a third party service
You really ought to SHA-1 (or stronger) hash the passwords. MD5 has been shown to have various weaknesses for a while know. My preferred choice is SHA-256.
Right there are more safer hashes then md5() , but it’s only used to encrypt a password, without using a SSL connection a safer hash will not help very much…
I use SHA1 too. It is safer and much faster than anything else.