From: | Chris <csmith(at)squiz(dot)net> |
---|---|
To: | pgsql-php(at)postgresql(dot)org |
Subject: | RE: Re: Re: Secure pages |
Date: | 2001-03-13 22:32:06 |
Message-ID: | 4.3.2.7.2.20010314092748.00b43b60@203.25.173.1 |
Views: | Raw Message | Whole Thread | Download mbox | Resend email |
Thread: | |
Lists: | pgsql-php |
>Why not ask for a password, encrypt it (with 128bit or something;), check it
>with the database (which has the encyrpted pwds) and pass the encrypted
>password from page to page...
>
>like: <a href="blah.php?encryptedpassword">
>or just a variable which is one indicating that the password was typed in
>correctly at least once!
>
>For the mater of direct accessing you could just check if the pwd (or the
>var) was passed (is one) and if not -> well no access...
>
>You could also use a cookie and check for it (with the encrypted pwd) but (I
>don't know why) cookies seem preaty unsafe too me :o)
>
>just my two cents;)
This is the same sort of idea as sessions... but with sessions nobody sees
their encrypted password (not that they can read it, its better for people
not to see the info at all if possible.. and better for search engines).
As someone else suggested, have a check on each page for a session variable
(which of course is set when they login).
<?
if (!isset($sessionvariable) {
header("Location:login.php");
exit;
}
?>
This can be in an include file, as a function (just remember to globalise
variables! I always forget :P), that way it will get checked on all your
protected pages :)
HTH
------------------------
Chris Smith
http://www.squiz.net
From | Date | Subject | |
---|---|---|---|
Next Message | Martin A. Marques | 2001-03-13 22:42:26 | Re: Re: Re: Secure pages |
Previous Message | Grant | 2001-03-13 22:23:26 | Re: Secure pages |