On Sun, February 25, 2007 6:45 pm, Tosca wrote: > Quote from Fahad Pervaiz <[EMAIL PROTECTED]>: > "To ensure best security use database as well. Store IP, Session ID, > username, login time. After every few minutes you can re > authenticate the > user against these parameters." > > I have a login system with sessions and a database where I store > session ID, > username and what kind of user they are (like admin, moderator of > regular > member). This I check every time a page is refreshed. Is this secure > enough?
Are you running a bank? Or is it just a community forum? Without context, nobody on earth can answer this. Start reading here: http://phpsec.org to have a better handle on PHP security. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some starving artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
