Login   Register  
PHP Classes
elePHPant
Icontem

Not the most secure way of doing things possible, but provide...

Recommend this page to a friend!
Stumble It! Stumble It! Bookmark in del.icio.us Bookmark in del.icio.us

      Secure Session  >  All threads  >  Not the most secure way of doing things possible, but provide...  >  (Un) Subscribe thread alerts  
Subject:Not the most secure way of doing things possible, but provide...
Summary:Package rating comment
Messages:5
Author:troy knapp
Date:2011-02-01 20:31:17
Update:2011-02-02 13:05:01
 

troy knapp rated this package as follows:

Utility: Good
Consistency: Sufficient
Examples: Good

  1. Not the most secure way of doing things possible, but provide...   Reply  
Picture of troy knapp
troy knapp
2011-02-01 20:31:17
Not the most secure way of doing things possible, but provides an easy to implement, and easy to hack solution to get provide a limited amount of security.

  2. Re: Not the most secure way of doing things possible, but provid   Reply  
Picture of Masees Skenderian
Masees Skenderian
2011-02-02 03:33:22 - In reply to message 1 from troy knapp
Why is this not the most secure way?

  3. Re: Not the most secure way of doing things possible, but provid   Reply  
Picture of troy knapp
troy knapp
2011-02-02 03:38:56 - In reply to message 2 from Masees Skenderian
SSL is a better solution, but costs $$$. Even if you can reliably confirm the identity of your client on the other end of the connection, you are still vulnerable to packet sniffing etc.

  4. Re: Not the most secure way of doing things possible, but provid   Reply  
Picture of Masees Skenderian
Masees Skenderian
2011-02-02 10:01:12 - In reply to message 3 from troy knapp
Ohhh i totally agree, i thought you meant there is something wrong with the coding.

  5. Re: Not the most secure way of doing things possible, but provid   Reply  
Picture of troy knapp
troy knapp
2011-02-02 13:05:01 - In reply to message 4 from Masees Skenderian
No, nothing wrong with the coding. By saying it was easy to hack, I MEANT to say that the code was simple and you could change it easily for your own purposes and incorporate it into a larger security solution.

This script could be beat by an attacker that can spoof their IP address, and knows how to use cURL. It would probably be fine for a message board, for example, but I'd implement a deeper solution for more critical info.