I have administration part of my web site. But it will have only one user who will login in the page.My question what is more safely from attacks ? The user and password to be stored in mysql database or directly in .php file ?
ultras1 0 Newbie Poster
Recommended Answers
Jump to PostPlease Store your all Username and Password in Database with Encrypt of Password Field. This is Most Security Option in admin Panel.
Jump to Postthe best solution is session..
because after a specified time the use automatically logged out so session is best option for security.
All 8 Replies
Will Gresham 81 Master Poster
A database would be more secure.
If your PHP compiler stopped working for any reason, your PHP code yould be displayed as plain text, meaning that your password would be visible.
However, if you have it in a database and the compiler stops working, then the user will not see the Admin password. Although they would see the database connection information.
The best way would be in a database, and setup access hosts in your database to prevent anyone other than Localhost making a connection (Also, make sure your database user password is not the same as any other password you use, a string or random numbers/letters/symbols for example)
network18 15 Practically a Master Poster
encrypting the password before storing it to the db is also a good security measure.
hemgoyal_1990 5 Junior Poster
Please Store your all Username and Password in Database with Encrypt of Password Field. This is Most Security Option in admin Panel.
ultras1 0 Newbie Poster
Ok, thanks to all :)
ultras1 0 Newbie Poster
One more question. What is better solution for login users. Cookies or sessions?
In cookies I put the time of their duration, but what about sessions, how long is their duration?
hemgoyal_1990 5 Junior Poster
the best solution is session..
because after a specified time the use automatically logged out so session is best option for security.
Will Gresham 81 Master Poster
the best solution is session..
because after a specified time the use automatically logged out so session is best option for security.
I am going to disagree with your reasons for using sessions over cookies, although Sessions are more secure in themselves:
This can also be done with Cookies, you can set the time they expire.
I assume you meant that they expire when the browser closes, but an auto timeout is not really required in most situations so can't really be used as the main point for using sessions..
The main advantage of sessions is that the session data is stored on the server, not on the client PC (Cookies store the data on the Client).
The only thing that is stored on the client is the session ID.
smartness -3 Junior Poster
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.