-
Jul 21st, 2008, 08:44 AM
#1
Re: Form Cookies Security
 Originally Posted by LoopUntil
Crypting the password in md5 or sha1 in the cookies is quite useless.
Oh no, I never knew that. I will quickly remove it from all the sites I have made and replace it with the super secure plain text option. 
 Originally Posted by LoopUntil
The file passwords.txt is protected with htaccess.
It should be outside the document root so in event of a web server exploit or the accidental deletion/corruption of the .htaccess file, it is not compromised.
 Originally Posted by LoopUntil
The only thing I wanted to know is if some user can inject malicious code using the cookies and to know if this php code is secure.
Example: <?php system('ls') ?> in the cookies (or other things like that)... will my code execute this?
In answer to your question: there don't appear to be any code injection vulnerabilities. However, your code IS NOT secure for the reasons I mentioned above. SHA1 and MD5 are not useless as long as the programmer who utilises them is not an idiot.
-
Jul 21st, 2008, 03:05 PM
#2
Thread Starter
Member
Re: Form Cookies Security
You are right, thanks, RESOLVED!