PHP Classes

security hole

Login Script  >  All threads  >  security hole
Subject: security hole
Summary: encryption is missing
Date: 2008-07-04 10:21:20

  1. security hole
Hillebrand - 2008-07-04 10:21:24
I tested the script and I noticed that the stored password is not encrypted like md5 or so. This would be necessary because if not you send the clean password through the net.

Better is
a) storing the password inside the db md5-encrypted
b) sending the password from the form after encrypting it to md5, so no one can fetch the clean password and abuse the login.
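
Point a) from the post above as an added example that is not part of the original post or of the Login Script package: the database holds only a hash, and login compares against it. It uses PHP's built-in password_hash() and password_verify() (PHP 5.5+) in place of the MD5 the post names; the SQLite in-memory table, the column names and the sample account are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Constructed schema and sample data; nothing here comes from the Login Script package.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
// Hash that is checked for unknown user names so both paths do comparable work.
define('DUMMY_HASH', password_hash('placeholder', PASSWORD_DEFAULT));

// Store only a salted, slow hash; the clear-text password never reaches the table.
function register(PDO $db, string $user, string $password): void
{
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $db->prepare('INSERT INTO users (username, password_hash) VALUES (?, ?)');
    $stmt->execute([$user, $hash]);
}

// Returns true only when the submitted password matches the stored hash.
function login(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$user]);
    $hash = $stmt->fetchColumn();
    if ($hash === false) {
        password_verify($password, DUMMY_HASH);
        return false;
    }
    if (!password_verify($password, $hash)) {
        return false;
    }
    // Re-hash on successful login when the default algorithm or cost has changed.
    if (password_needs_rehash($hash, PASSWORD_DEFAULT)) {
        $upd = $db->prepare('UPDATE users SET password_hash = ? WHERE username = ?');
        $upd->execute([password_hash($password, PASSWORD_DEFAULT), $user]);
    }
    return true;
}

register($db, 'alice', 'correct horse battery staple');
// What a reader of the table sees: an algorithm tag, cost, salt and digest.
echo $db->query('SELECT password_hash FROM users')->fetchColumn(), "\n";
var_dump(login($db, 'alice', 'correct horse battery staple'));
var_dump(login($db, 'alice', 'wrong password'));
var_dump(login($db, 'nobody', 'anything'));
```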