Ok, so you have pointed out a problem. Now that you have been so kind to do this, could you please recommend how to resolve this?
Thanks,
Jas

"Jay Blanchard" <[EMAIL PROTECTED]> wrote in message
news:002201c20d80$552be430$8102a8c0@niigziuo4ohhdt...
> [snip]
> I cannot believe that no one with a lot of PHP and MySQL experience has not
> replied to this post yet. Is PHP not a secure scripting language? I would
> really like a little insight into this question, anyone?
> [/snip]
>
> [rant warning!]
> I'll bite! ;-(
>
> A. You gave so much code that those of us on the list who may be working may
> have not had time to set it all up and test it.
> 2. Security from what standpoint? That you can't be hacked? That people
> can't use your CMS without authorization? That your code is complicated
> enough to be impressive? Test your code...if it works you're good, if
> not...fix it.
> III. Your code is somewhat bloated, you don't have to go through everything
> you go through to assure yourself security. Is this for an Intranet? If so
> is the URL to the CMS accessible through the firewall? If for an Internet
> site have you thought about putting the CMS on an SSL.
>
> Dang...and D. PHP is secure. You may, to assuage any further fears, encrypt
> any username password information that gets transmitted from the login to
> the server the first time. That is very insecure. I could port sniff your
> butt to kingdom come and gain usernames and passwords all day long. You
> cannot believe that no one with a lot of PHP and MySQL experience has not
> replied to this post yet. I cannot believe that anyone asking about security
> would transmit the initial login as plain text...so we're even.
> [/rant]
>
> Jay

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php