Securing a login system
#1

Medikal
Hey guys, just gonna run down my current thought of a login system for you and wondering if you could give me some feedback as to possible holes in its security. Note I am not using an SSL Certificate.

User logs in using username and password, if they are correct it sets a cookie value to the format of 'userid-randommd5'. The random md5 is a completely random code generated only if their credentials are correct, and inputs it in a field in their database row. The other is obviously their unique user ID.

So every single time a page loads it checks if the user ID, the user they are or impersonating to be, and checks it against the random value, if it matches the script continues, otherwise it kills the cookie and all user-only content is blocked.

I understand this checking every time a page is loaded provides a huge and maybe unnecessary amount of overhead, however if anyone can provide a secure alternative, it would be much appreciated.

Thanks, Dan.
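
The scheme described in the post above, as an added example that is not part of the original post or the poster's code: the token comes from the OS CSPRNG rather than an MD5 of a random value, only its hash is stored in the user's row, and the per-request check uses a constant-time comparison. The function names, the `auth` cookie name and the in-memory `$users` array (standing in for the users table) are assumptions.

```php
<?php
// Added example. $users stands in for the users table; issue_token(),
// check_cookie() and logout() are hypothetical names.

function issue_token(array &$users, int $userId): string
{
    // 128 bits from the OS CSPRNG instead of md5() over a guessable seed.
    $token = bin2hex(random_bytes(16));
    // Store only a hash, so a leaked table does not yield usable cookies.
    $users[$userId]['token_hash'] = hash('sha256', $token);
    return $userId . '-' . $token;            // cookie value: userid-token
}

function check_cookie(array $users, string $cookie): ?int
{
    // Strict parse: decimal id, a dash, exactly 32 lowercase hex characters.
    if (!preg_match('/\A(\d{1,10})-([0-9a-f]{32})\z/', $cookie, $m)) {
        return null;
    }
    $userId = (int) $m[1];
    $stored = $users[$userId]['token_hash'] ?? null;
    if (!is_string($stored)) {
        return null;                          // unknown user or logged out
    }
    // hash_equals() compares in constant time.
    return hash_equals($stored, hash('sha256', $m[2])) ? $userId : null;
}

function logout(array &$users, int $userId): void
{
    $users[$userId]['token_hash'] = null;     // server-side invalidation
}

// Constructed sample data.
$users  = [7 => ['name' => 'dan', 'token_hash' => null]];
$cookie = issue_token($users, 7);
// In a real response:
// setcookie('auth', $cookie, ['httponly' => true, 'samesite' => 'Lax']);

var_dump(check_cookie($users, $cookie));                     // valid cookie
var_dump(check_cookie($users, '7-' . str_repeat('0', 32)));  // wrong token
var_dump(check_cookie($users, '8-' . substr($cookie, 2)));   // wrong user id
logout($users, 7);
var_dump(check_cookie($users, $cookie));                     // after logout
```

The per-request check is a single indexed lookup plus one hash. Without HTTPS the cookie cannot carry the `Secure` flag and still crosses the network in clear text.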




