0

I have administration part of my web site. But it will have only one user who will login in the page.My question what is more safely from attacks ? The user and password to be stored in mysql database or directly in .php file ?

Edited by ultras1: n/a

5
Contributors
8
Replies
9
Views
7 Years
Discussion Span
Last Post by smartness
0

A database would be more secure.

If your PHP compiler stopped working for any reason, your PHP code yould be displayed as plain text, meaning that your password would be visible.

However, if you have it in a database and the compiler stops working, then the user will not see the Admin password. Although they would see the database connection information.

The best way would be in a database, and setup access hosts in your database to prevent anyone other than Localhost making a connection (Also, make sure your database user password is not the same as any other password you use, a string or random numbers/letters/symbols for example)

0

Please Store your all Username and Password in Database with Encrypt of Password Field. This is Most Security Option in admin Panel.

0

One more question. What is better solution for login users. Cookies or sessions?
In cookies I put the time of their duration, but what about sessions, how long is their duration?

0

the best solution is session..
because after a specified time the use automatically logged out so session is best option for security.

0

the best solution is session..
because after a specified time the use automatically logged out so session is best option for security.

I am going to disagree with your reasons for using sessions over cookies, although Sessions are more secure in themselves:

This can also be done with Cookies, you can set the time they expire.
I assume you meant that they expire when the browser closes, but an auto timeout is not really required in most situations so can't really be used as the main point for using sessions..

The main advantage of sessions is that the session data is stored on the server, not on the client PC (Cookies store the data on the Client).
The only thing that is stored on the client is the session ID.

This question has already been answered. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.