Authentication

Register Sign In

Authentication

desbest
Member
Posts: 64
Threads: 24
Joined: Jun 2017
Reputation: -4

#44

06-17-2017, 03:46 AM

(06-16-2017, 11:53 PM)Diederik Wrote: I took a look at your github page and I would like to note that writing a auth app can be very easy as you say indeed, but writing a secure login system is a whole lot of work...

Passing $_POST varIables straight into your sql queries makes you vulnerable to sql injection. You should read up on some basic php security issues.

That's why you use a server firewall like mod_security or Suhosin and pay for Comodo Firewall to add rules to mod_security. The server firewall escapes ALL the sql queries for you so you don't have to worry about remembering to escape every string individually.

The php functions that php gives you for escaping strings can easily be bypassed by hackers, so a server firewall provides much better protection from hackers.

I don't trust the php functions for escaping strings, and neither should you. Even Stack Overflow had answers about how to bypass the php sql escaping functions.

Messages In This Thread

Authentication - by ufhy - 08-22-2016, 11:42 AM

RE: Authentication - by albertleao - 08-22-2016, 11:49 AM

RE: Authentication - by PaulD - 08-22-2016, 11:51 AM

RE: Authentication - by prezire - 08-22-2016, 03:17 PM

RE: Authentication - by PaulD - 08-22-2016, 03:47 PM

RE: Authentication - by allan - 10-24-2016, 03:36 AM

RE: Authentication - by pathusutariya - 12-11-2016, 11:17 PM

RE: Authentication - by ciadmin - 12-12-2016, 12:37 AM

RE: Authentication - by qury - 01-11-2017, 03:23 AM

RE: Authentication - by iason - 01-13-2017, 08:35 AM

RE: Authentication - by Narf - 01-13-2017, 11:26 AM

RE: Authentication - by enlivenapp - 01-13-2017, 10:31 PM

RE: Authentication - by skunkbad - 01-13-2017, 06:00 PM

RE: Authentication - by albertleao - 01-13-2017, 07:18 PM

RE: Authentication - by enlivenapp - 01-13-2017, 10:27 PM

RE: Authentication - by Paradinight - 01-14-2017, 08:56 AM

RE: Authentication - by enlivenapp - 01-14-2017, 09:06 AM

RE: Authentication - by Paradinight - 01-14-2017, 10:48 AM

RE: Authentication - by enlivenapp - 01-14-2017, 11:09 AM

RE: Authentication - by prezire - 01-17-2017, 06:37 AM

RE: Authentication - by skunkbad - 01-17-2017, 03:57 PM

RE: Authentication - by byazrail - 01-19-2017, 11:42 PM

RE: Authentication - by andersonsalas - 01-20-2017, 08:46 AM

RE: Authentication - by Narf - 01-20-2017, 08:52 AM

RE: Authentication - by andersonsalas - 01-20-2017, 10:10 AM

RE: Authentication - by prezire - 01-24-2017, 04:52 AM

RE: Authentication - by Narf - 01-24-2017, 06:43 AM

RE: Authentication - by ivantcholakov - 01-24-2017, 08:03 AM

RE: Authentication - by prezire - 01-24-2017, 06:44 PM

RE: Authentication - by skunkbad - 01-24-2017, 11:14 PM

RE: Authentication - by Narf - 01-25-2017, 02:34 AM

RE: Authentication - by prezire - 01-25-2017, 05:52 AM

RE: Authentication - by Narf - 01-25-2017, 08:55 AM

RE: Authentication - by InsiteFX - 01-26-2017, 06:20 AM

RE: Authentication - by Sezu - 01-27-2017, 12:51 AM

RE: Authentication - by baselbj - 02-21-2017, 12:45 AM

RE: Authentication - by Hamed - 05-25-2017, 07:12 AM

RE: Authentication - by skunkbad - 05-25-2017, 02:25 PM

RE: Authentication - by prezire - 05-30-2017, 03:07 PM

RE: Authentication - by PaulD - 05-31-2017, 10:36 AM

RE: Authentication - by desbest - 06-16-2017, 05:57 PM

RE: Authentication - by Paradinight - 06-16-2017, 11:47 PM

RE: Authentication - by Diederik - 06-16-2017, 11:53 PM

RE: Authentication - by desbest - 06-17-2017, 03:46 AM

RE: Authentication - by Paradinight - 06-17-2017, 04:08 AM

RE: Authentication - by desbest - 06-17-2017, 04:34 AM

RE: Authentication - by Paradinight - 06-17-2017, 04:51 AM

RE: Authentication - by desbest - 06-17-2017, 08:28 AM

RE: Authentication - by Paradinight - 06-17-2017, 09:01 AM

RE: Authentication - by desbest - 06-17-2017, 09:11 AM

RE: Authentication - by Paradinight - 06-17-2017, 09:19 AM

RE: Authentication - by albertleao - 06-17-2017, 09:52 AM

Theme © iAndrew 2016 - Forum software by © MyBB