Web Design Help
 
#1 | April 21st, 2004, 10:38 PM | yocompia
frame drama and cookie/mysql security

i'm in the process of building a website and i have some design and security questions.

the current setup is as follows: registered users that are in a MySQL database may login and are given md5-hashed cookies to keep track of the login, and the design uses frames (a nav frame, title frame and large central frame)

1) elusive frame refreshing: i want, after each user has logged-in, to change the "login" button in the nav frame to read "logout", but i don't know how to make a given frame just refresh (then i could embed some PHP to make the button change); i DO know how to have a link that will load in a given frame (supply a target="mainFrame" in the HTML), but not how to do what i just described above

2) are frames even a good idea, or are they more trouble than they're worth? should i just write a big PHP file that generates dynamic HTML and then reloads itself with form values based on people clicking, logging-in, etc.? i don't know much about the standard procedure that others follow, so any info here is appreciated.

3) all user information (just login and password for now) is stored in md5-hashed form in a MySQL database and the supplied login info is md5-hashed and checked against the database; once this is done, a cookie containing the md5-hashed login and password is set for X seconds (3200 for now) and upon logout, the cookie is unset by expiring it (subtract from the time left valid); an initial concern is that someone could sniff the cookie and use the login until the cookie expires, but this isn't a huge concern (should it be?); are there any serious security problems with this model? since the info is md5-hashed into the database, brute-forcing shouldn't be a huge issue, should it?

any suggestions or pointers to relevant info would be appreciated.

thx for reading

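One way to replace the md5 cookie described in question 3, as an added example that is not part of the original post: the password is stored with PHP's salted `password_hash()`, and the cookie carries a random token that reveals nothing about the password and that the server itself expires and revokes. The arrays standing in for the MySQL tables, the function names and the `alice` account are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed sample data: arrays stand in for the MySQL `users` and `sessions` tables.
$users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)]; // salted, slow hash
$sessions = []; // sha256(token) => ['user' => ..., 'expires' => unix time]
const SESSION_TTL = 3200; // seconds, the lifetime used in the post

function login(array $users, array &$sessions, string $user, string $password): ?string
{
    // Same return value for an unknown user and for a wrong password.
    if (!isset($users[$user]) || !password_verify($password, $users[$user])) {
        return null;
    }
    $token = bin2hex(random_bytes(32));       // random, unrelated to the password
    $sessions[hash('sha256', $token)] = [     // store only a hash of the token
        'user' => $user,
        'expires' => time() + SESSION_TTL,
    ];
    return $token;                            // this is the cookie value
}

function current_user(array &$sessions, string $token): ?string
{
    $key = hash('sha256', $token);
    $row = $sessions[$key] ?? null;
    if ($row === null || $row['expires'] < time()) {  // expiry enforced server-side
        unset($sessions[$key]);
        return null;
    }
    return $row['user'];
}

function logout(array &$sessions, string $token): void
{
    unset($sessions[hash('sha256', $token)]); // token is dead even if the cookie survives
}

// Cookie attributes to pass as setcookie('session', $token, cookie_options()) (PHP 7.3+).
function cookie_options(): array
{
    return ['expires' => time() + SESSION_TTL, 'path' => '/',
            'secure' => true, 'httponly' => true, 'samesite' => 'Lax'];
}

$token = login($users, $sessions, 'alice', 'correct horse');
var_dump(current_user($sessions, $token));
logout($sessions, $token);
var_dump(current_user($sessions, $token));
```

The `secure` attribute assumes the site is served over HTTPS, which is what addresses the cookie-sniffing concern in transit.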
#2 | April 28th, 2004, 04:29 AM | nickpoole
I know what you mean

I have the exact same problem. In fact the only difference is that I want to refresh the top 'header' frame.

Frames are the only way to present my site.

JavaScript seems to be the answer, but I haven't found the right script yet. I've tried a number of variations that I've found around the web, but none work.

© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 2 hosted by Hostway