Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Javascript > secure login

Reply
Thread Tools

secure login

 
 
Nath
Guest
Posts: n/a
 
      01-02-2004
I know this may not be the best place to post this, but it's a start.

I am new to writing web pages, and am writing a mysql driven website. I want
to know how to setup a login page so a user only needs to login once during
a session, so all queries against the MySQL database will proceed smoothly,
without having to enter username/password again and again.

I don't know if it is possible to open the connection to the database once
during login, and then close it at the end, or if a connection needs to be
opened for each query. I would also like to implement md5 for the password,
but don't know how to go about it....i've had a play with javascript and
php, but can't figure out exactly how to do this.

Thanks for any help/pointers
Nathan



 
Reply With Quote
 
 
 
 
Hywel Jenkins
Guest
Posts: n/a
 
      01-02-2004
In article <3ff54c24$0$397$(E-Mail Removed)>,
DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX says...
> I know this may not be the best place to post this, but it's a start.
>
> I am new to writing web pages, and am writing a mysql driven website. I want
> to know how to setup a login page so a user only needs to login once during
> a session, so all queries against the MySQL database will proceed smoothly,
> without having to enter username/password again and again.
>
> I don't know if it is possible to open the connection to the database once
> during login, and then close it at the end, or if a connection needs to be
> opened for each query. I would also like to implement md5 for the password,
> but don't know how to go about it....i've had a play with javascript and
> php, but can't figure out exactly how to do this.
>
> Thanks for any help/pointers


Not JavaScript. I use PHP to check whether the user has authenticated
by comparing PHP_AUTH_USER against a database. Get the code from
http://usenet.hyweljenkins.co.uk/authenticate.php.txt
and include it at the top of every page.

The table "phusers" just has two fields, UserName and Password, both
TINYTEXT in this case.

--
Hywel I do not eat quiche
http://hyweljenkins.co.uk/
http://hyweljenkins.co.uk/mfaq.php
 
Reply With Quote
 
 
 
 
Michael Winter
Guest
Posts: n/a
 
      01-02-2004
On Fri, 2 Jan 2004 10:46:58 -0000, Nath <DON'T_SEND_ME@TRIPE_TO_MY_IN.BOX>
wrote:

> I know this may not be the best place to post this, but it's a start.
>
> I am new to writing web pages, and am writing a mysql driven website. I
> want to know how to setup a login page so a user only needs to login
> once during a session, so all queries against the MySQL database will
> proceed smoothly, without having to enter username/password again and
> again.
>
> I don't know if it is possible to open the connection to the database
> once during login, and then close it at the end, or if a connection
> needs to be opened for each query. I would also like to implement md5
> for the password, but don't know how to go about it....i've had a play
> with javascript and php, but can't figure out exactly how to do this.


JavaScript shouldn't have any part to play in this; it can, and should,
all be done with PHP or some other server-side language.

Use SSL (https: protocol) to provide the security you need. Using
JavaScript to hash the password using the MD5 algorithm is dangerous: the
user might not have JavaScript enabled. You'll want to hash the password
when it's stored on the server, but perform the hashing server-side.

PHP has a hashing library (Mhash), capable of MD5 and SHA1 (Secure Hash
Algorithm), but it won't necessarily be built-in. There should be plenty
of reference implementations to be found on the Web that you could easily
re-write with PHP if needed.

Mike


Check-out the PHP newsgroups - they are on their own server,
news://news.php.net/
There's also a standard PHP newsgroup, comp.lang.php

--
Michael Winter
http://www.velocityreviews.com/forums/(E-Mail Removed)d (replace ".invalid" with ".uk" to reply)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Secure your digital information assets with Secure Auditor. SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:53 AM
Secure your digital information assets with Secure Auditor SecureWindows with Secure Auditor alannis.albert@googlemail.com Cisco 0 04-14-2008 06:52 AM
Sharing Session state over secure / non-secure requests Daniel Malcolm ASP .Net 0 01-24-2005 04:45 PM
This page contains both secure and non secure items. A.M ASP .Net 5 06-08-2004 05:43 PM



Advertisments