On payment pages, or pages that deal with money, I prefer to use SSL and to enable cookies using SSL. But you know cookies are saved on the client side, so the user may be able to modify the cookie file. And as you know sessions are stored on the server side, so they may be more secure than cookies, and the security level will increase if you are on a dedicated server. Really, when I am working with money I always use SSL and sessions. Anyway, I advise you: do not store the username or password, or the password md5sum, in cookies.

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of zaid emeish

The security level you seek is relevant to the importance of the data you are protecting, so if you are protecting things that are recoverable and not that much of a risk you don't need to go far with protection, but if you are protecting data like credit card numbers and social security numbers you might want to ask for the username and password before seeing this page, just like Amazon; they let you shop on their site but when it comes to payment they require a new login.

And a good practice I saw is that if the person is idle for a certain amount of time (e.g. not clicking or doing any action) you can terminate the session and require a new login. There are lots of things you can do but they can be expensive on the application or usability, so you really need to know what you are protecting and how far you want to go with that.

On 2/28/06, Anubis HH <[EMAIL PROTECTED]> wrote:
_______________________________________________ Jordan PHP Users Group http://php.jolug.org/ Php mailing list [email protected] http://mail.jolug.org/mailman/listinfo/php_jolug.org
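
The practices discussed in this thread (state kept in the server-side session, the session cookie sent only over SSL, an idle timeout, and a fresh login before the payment page), shown as an added PHP example that is not code from any of the posters. The function names, the login URL and the two time limits are assumptions.

```php
<?php
// Added example: helper names, URL and limits below are hypothetical.
const IDLE_LIMIT    = 900;  // assumed: 15 minutes without activity ends the session
const REAUTH_WINDOW = 300;  // assumed: payment needs a login at most 5 minutes old

function start_secure_session(): void
{
    // The cookie carries only the session id, is sent over HTTPS only,
    // and is not readable from page scripts.
    session_set_cookie_params([
        'lifetime' => 0, 'path' => '/',
        'secure' => true, 'httponly' => true, 'samesite' => 'Strict',
    ]);
    ini_set('session.use_strict_mode', '1'); // reject ids the server did not issue
    session_start();
}

function on_login_success(int $userId): void
{
    session_regenerate_id(true);       // new id after authentication
    $_SESSION['user_id'] = $userId;    // no username, password or hash stored
    $_SESSION['auth_time'] = $_SESSION['last_activity'] = time();
}

function session_is_idle(array $session, int $now): bool
{
    return isset($session['last_activity'])
        && ($now - $session['last_activity']) > IDLE_LIMIT;
}

function needs_reauth(array $session, int $now): bool
{
    return !isset($session['user_id'], $session['auth_time'])
        || ($now - $session['auth_time']) > REAUTH_WINDOW;
}

function guard_payment_page(): void
{
    start_secure_session();
    $now = time();
    if (session_is_idle($_SESSION, $now)) {
        $_SESSION = [];                // idle too long: drop all server-side state
        session_destroy();
    }
    if (needs_reauth($_SESSION, $now)) {
        header('Location: /login.php?next=payment'); // hypothetical login page
        exit;
    }
    $_SESSION['last_activity'] = $now; // record activity for the idle check
}
```

Call `guard_payment_page()` at the top of each payment script, before any output, and `on_login_success()` from the login handler once the password has been verified.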
