On 14/03/06, IG <[EMAIL PROTECTED]> wrote:
> Hello.
>
> I got a password protected login script off t'internet a while back and
> have implemented it. I just want to make sure it is secure.

It's not.

1. It only works with register_globals turned on. Not a good idea -
register_globals has been off by default for some time now, for good
reason.

2. There's a Cross Site Scripting vulnerability where you're echoing
out the contents of $QUERY_STRING.

3. There's an SQL Injection vulnerability where you're inserting
$username directly into the query without any validation or escaping.

4. You're keeping the passwords in the database unencrypted rather
than using a one-way hash, which is bad in itself, but then you're
also writing them to the session - if you're on a shared
server, it's likely that any other site also on that server is able to
read your session files.

5. You're checking the username and password on every page request -
even after a successful login... which isn't really a security
problem, just wasteful.

  -robin
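
Added example, not part of the original message and not the script under review: a login check that avoids points 1 to 4 above, using current PHP (PDO, `password_hash()`, `password_verify()`, `htmlspecialchars()`). The `users` table, its columns, the helper names and the in-memory SQLite database are assumptions made so the example runs on its own.

```php
<?php
// Added example; table, column and function names are hypothetical.
declare(strict_types=1);

function make_demo_db(): PDO {
    // Constructed in-memory database so the example runs offline.
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
    $ins = $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)');
    // Point 4: store a one-way hash, never the password itself.
    $ins->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);
    return $db;
}

// Returns the user id on success, null on failure.
function check_login(PDO $db, string $username, string $password): ?int {
    // Point 3: bound parameter, so $username is never part of the SQL text.
    $st = $db->prepare('SELECT id, pw_hash FROM users WHERE username = ?');
    $st->execute([$username]);
    $row = $st->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['pw_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// Point 2: encode anything request-derived before echoing it into HTML.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$db = make_demo_db();
// Point 1: in a real page these values are read explicitly from $_POST,
// not from variables created by register_globals. Constructed sample input:
$requests = [
    ['username' => 'alice', 'password' => 'correct horse'],
    ['username' => "alice' OR '1'='1", 'password' => 'x'],
];
foreach ($requests as $post) {
    $id = check_login($db, $post['username'], $post['password']);
    // Points 4 and 5: on success a real page would keep only $id in
    // $_SESSION and not repeat the database check on later requests.
    echo h($post['username']), ' => ', $id === null ? 'rejected' : "user id $id", "\n";
}
```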
