February 26th, 2004, 03:39 PM
|
|
|
|
Join Date: Apr 2007
Location: Bum Foo, Georgia, USA
Posts: 3
Time spent in forums: < 1 sec
Reputation Power: 0
|
|
|
User Login Methods and Security
So here I am doing the 'crash course for PHP and MySQL by making a full fledged web application' thing. It's about the easiest way I learn these things. Anyway, I want users to be forced to register and login in order to use the application. I already have a table set up on MySQL with user information and a form to register. My bind is, I've read up on ways to get login information using PHP and was wondering the security/performance risks/benfits from using an HTML form that passes along user name and password to a PHP page that then verifies it against the database. Then it would either display the next page after login, or display an error message and the fields again. On the other hand, I could just simply use HTTP authentication and confirming right there, then redirecting the user to the next page after login.
Both ways are touted as 'better' by the tutorials I've read, though a few seem indifferant, and I'm not experienced enough in online security to know which is better or if they both are about the same sercurity wise.
Just to hit it all in one post, would using a user account on MySQL (say user_validate) that can only log in from the localhost close any possible security holes regarding unauthorized people reading the user information table, or is there another way I should go about it?
|
Codewalkers Forums Sponsor:
AT&T devCentral & BlackBerry(r) Webcast Series: BlackBerry and GPS -Build Location Awareness into your BlackBerry Applications, July 10th-1:00PM EST. Register Today!
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
