|
|||||||||
|
|||||||||
| |||||||||
|
|||||||||
|
|||||||||
| |||||||||
|
|
|
| |||||||||
 |
|
|
«
Previous Thread
|
Next Thread
»
|
Thread Tools | Search this Thread | Rate Thread | Display Modes |
Dev Shed Forums Sponsor:
|
|
Stay one step ahead of the competition. Evaluate and give feedback
on some of the hottest web development tools on the market today.
Make your opinion heard! Click
Here
|
|
#1
August 19th, 2003, 07:36 AM
|
|||
|
|||
|
Curious about the secuirty user login
I have read many (if not all) of the articles listed in this forum in reguards to having a user login on my website. It is necessary for me to have multiple users with differing access levels, as a result of this, I have decided to implement a user login that accesses a mysql database.
In the database I maintain four things about every user: the user id number, user name, access level, and password. I have a simple form that asks the user for their user name and password. I then ask the database to return all users that have the same username and password that as those that were entered in the form. (user names are unique, I assign them myself) If the username and password are found in the database I assign 3 different session variables ( userIDnumber, username, and accesslevel ) and redirect the user to the members only section. On each members only page I check to make sure the session variables are set and the accesslevel is high enough to view the page. I was just curious if there were any major security issues in doing this. IE is it possible for someone to artificially set session variables or if there are any major flaws in my way of approaching this etc. If it will help I can include my code Thank you for any help bobroq...
|
|
#2
August 19th, 2003, 07:46 AM
|
|||
|
|||
|
Session variables and/or application variables are a pretty secure way to do things, the only disadvantage is the length of the session variable, for example, that defaults to 20 minutes(Unless you change that setting on your own)
But then again, the best way to protect your data is to NOT MAKE IT ACCESSIBLE VIA INTERNET. That is the best approach ever... Now, how *safe* this data of yours must be? I mean are you working for NASA? Don't get me wrong here, I'm not making fun of you its just that people have the tendency to freak out like if hackers, for some reason, will attack their web sites...Trust me, they have, the good ones, better things to do... Anyway, Session variable are reliable for the type of security you're trying to implement That's my own 2 cents Hope this helps! Sincerely Vlince
|
|
#4
August 19th, 2003, 10:33 AM
|
|||
|
|||
|
Thank you very much for your help.
My information does not have to be NASA level secure :-), but it would be nice to know it is somewhat safe. Basically my company has a privacy policy with our customers in so much that we will not allow one customer to know who another customer is. Don't ask me why we have this policy I'm an admin for a grinding shop. Once again thank you for your help bobroq
|
|
| Viewing: Dev Shed Forums > Programming Languages - More > ASP Programming > Curious about the secuirty user login |
| Thread Tools | Search this Thread |
| Display Modes | Rate This Thread |
|
|
|
 |
|
|
Del.icio.us
Digg
Google
Spurl
Blink
Furl
Simpy
Y! MyWeb
Linear Mode
