|
pagolina
|
can some body help me?
i run my application with php mysql
how do i prevent it from being hack via the login field?
thank you
|
|
|
|
|
|
yawa-ti-de (f)
|
for one, sanitize your form input.
|
|
|
|
|
|
lojik (m)
|
aside from yawa-ti-de's post,
encrypt your password from clientside. you could use javascript MD5. that helps.
View yahoo login page source, thats how it's done.
|
|
|
|
|
|
nitation (m)
|
@ lojik I will strongly advice the poster not to take your advice. How does encrypting a password protect you from SQL INJECTION. I think most naija has turned programming to oshodi high-way where everyone off-ramp as they like. Your solution is nothing but a B-IIIIG Lie. Who taught you that? Where did you attend your own school. Give me your project that you applied such method and see if it will not be bypassed. Anyway, here is a method. <?php
// am checking if the user clicked the submit button
if (isset($_POST['submitbtn'])) {
//Assign the POST values to a variable
$username=$_POST['username'];
$passid=$_POST['passid'];
// Use the Strip Slashes function available on www.php.net
$username = stripslashes($username);
$passid = stripslashes($passid);
// Use the mysql_real_escape_string function available on www.php.net
$username = mysql_real_escape_string($username);
$passid = mysql_real_escape_string($passid);
// Query your database. Remember, my password uses MD5 algorithm
$sql="SELECT * FROM table_name WHERE adminuser='$username' && adminpass='".md5($_POST['passid'])."'";
// This helps you pin-point errors in your query
$result=mysql_query($sql);
?>
|
|
|
|
|
|
|
|
nitation (m)
|
and who says MD5 cannot be decrypted. lol
- nitation
|
|
|
|
|
|
|
|
*dhtml
|
and who says MD5 cannot be decrypted. lol
- nitation
moi . . . you guys should just take it easy already |
|
|
|
|
|
lojik (m)
|
and who says MD5 cannot be decrypted. lol
- nitation
MD5 decryption requires a lot of computing power and moreover, i use a self-modified version? As far as i know, its still the most difficult to decrypt. Close to impossible they say (because u need an enormous computing power to do that to the algorithm) |
|
|
|
|
|
nitation (m)
|
Post ten correct MD5 hash on this board.
Note that MD5 is not regarded as the best method of encryption
- nitation
|
|
|
|
|
|
kolitos007
|
Poster has your problem been solved as its all going all over again
|
|
|
|
|
|
kehers (m)
|
Yeah, yeah, md5 is not a 100% fool proof way of encrypting db passwords. But then, na naija we dey now, au many people really care about going that extra mile to hack u down (except of course u are interswitch or so  ), so its no crime running your encryption on md5. But for the word sha, md5 is not 100% safe (search around d web for rainbow tables and u'll understand.) Iv stop to use md5 for a while now. I use a password hashing algorithm u can check out here: http://www.openwall.com/phpass/ It gaurantees better encryption security |
|
|
|
|
|
yawa-ti-de (f)
|
kehers, I don't think you should go into developing a web app with that mentality. By so saying, you are implying that only people in Nigeria will view/want to harm your app. That's just like saying that since the game of mancala is an african one (what is mancala? google it ), that nothing should be done to alter it in terms of making the game better. Always code with the greater picture in mind. In the end, you will be a better programmer for it. |
|
|
|
|
|
kolitos007
|
kehers, I don't think you should go into developing a web app with that mentality. By so saying, you are implying that only people in Nigeria will view/want to harm your app. That's just like saying that since the game of mancala is an african one (what is mancala? google it ), that nothing should be done to alter it in terms of making the game better. Always code with the greater picture in mind. In the end, you will be a better programmer for it. Fair point, hackers do it for fun, and will just try to break anything no matter what country you are. |
|
|
|
|
|
![Nairaland [Nigerian Forum] Home](http://www.nairaland.com/Themes/default/images/english/home.gif)
Author
