Secure Login
#2

[eluser]skunkbad[/eluser]
There are many vulnerabilities in login scripts, and unless you do some research on authentication exploits, you are sure to create something that can be bypassed, hacked, etc.

One thing I see is that anyone who can modify a cookie, or fabricate a cookie that sets the variables to TRUE, is logged in. You shouldn't be testing for TRUE. You should be testing for a unique ID, and some sort of token. What you choose as your token should be something unique to the client's machine, or possibly the browser.

You might take a look at my Community Auth, located in my signature. The Authentication class is where all the action happens, and it should give you some ideas.
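
The check described in the post above, as an added example that is not part of the original post and is not taken from Community Auth: a login test that trusts a TRUE flag in the cookie, next to one that looks up a random session ID server-side and verifies a token bound to the browser. The `$sessions` array (standing in for a database table), `SERVER_KEY`, the cookie names `sid`/`tok`, and the use of the User-Agent string as the browser-specific value are all assumptions made for illustration; PHP 7.1 or later is assumed.

```php
<?php
// Added example; every name here is hypothetical, not from the original thread.
const SERVER_KEY = 'replace-with-a-long-random-server-secret'; // placeholder value

// Weak: trusts a flag the client controls, so an edited or fabricated cookie passes.
function is_logged_in_weak(array $cookies): bool
{
    return isset($cookies['logged_in']) && $cookies['logged_in'] == 'TRUE';
}

// Token tied to the browser: HMAC over the session id and the User-Agent string.
function client_token(string $sessionId, string $userAgent): string
{
    return hash_hmac('sha256', $sessionId . '|' . $userAgent, SERVER_KEY);
}

// At login: create an unguessable id, record it server-side, return cookies to set.
function start_session(array &$sessions, int $userId, string $userAgent): array
{
    $sessionId = bin2hex(random_bytes(32));
    $sessions[$sessionId] = ['user_id' => $userId, 'expires' => time() + 1800];
    return ['sid' => $sessionId, 'tok' => client_token($sessionId, $userAgent)];
}

// On each request: the id must exist server-side and be unexpired, and the
// token must match what the server computes for this browser.
function current_user(array $sessions, array $cookies, string $userAgent): ?int
{
    $sid = $cookies['sid'] ?? '';
    $tok = $cookies['tok'] ?? '';
    if (!is_string($sid) || !is_string($tok)
        || !isset($sessions[$sid]) || $sessions[$sid]['expires'] < time()) {
        return null;
    }
    // hash_equals compares in constant time, avoiding a timing side channel.
    if (!hash_equals(client_token($sid, $userAgent), $tok)) {
        return null;
    }
    return $sessions[$sid]['user_id'];
}

// Constructed demo data.
$sessions = [];
$ua = 'Mozilla/5.0 (constructed UA)';
$cookies = start_session($sessions, 42, $ua);
var_dump(is_logged_in_weak(['logged_in' => 'TRUE']));                 // fabricated flag
var_dump(current_user($sessions, ['sid' => 'x', 'tok' => 'y'], $ua)); // fabricated cookie
var_dump(current_user($sessions, $cookies, $ua));                     // genuine cookies
var_dump(current_user($sessions, $cookies, 'other browser'));         // same cookies, other browser
```

The User-Agent is easy to copy, so the binding only raises the bar; the server-side lookup of a random ID is what removes the "set it to TRUE" bypass.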


Messages In This Thread
Secure Login - by El Forum - 11-09-2009, 01:48 PM
Secure Login - by El Forum - 11-09-2009, 07:08 PM


