我需要设立一个厨师,以保持用户记录状态。 I m将贴上用户名、密码和IP。 我的法典:
login process:
$hashed = md5($username.$pwd.IP);
setcookie( userstate , $username. : .$hashed);
restore user state:
$vars = split( : , $_COOKIE[ userstate ]);
pseudo: get user with username in $vars[0]
$hashed = md5($username.$pwd.IP);
if($hashed == $vars[1]) return true;
else return false;
难道这种方式可以安全地攻击特别安全局?
只有在你向客户输出内容时,才会发生XSS攻击。 由于你没有,这是不可能的。
另一个攻击病媒是注射。 您不能相信“COOKIE”值美元的投入。 因此,当你试图从数据库中获取信息时,你就不得不逃脱。
您所遵循的法典是NOT SECURE。 假设攻击者会得到 co,便有可能宣读使用者的密码。 情况不佳,因为用户往往重复各网站的密码。
如何检索密码? 自杀式袭击。 用户名和IP地址是微不足道的。 袭击者只需要使用密码的字典,制造你正在做的 has,然后与 co的 has子进行比较。
你执行过程中的缺失是攻击者不知的服务器旁遮掩钥匙。 See this page to Learning how Spring Securityisings the cookie - You should do similar.
I am trying to write a script to prevent brute-force login attempts in a website I m building. The logic goes something like this: User sends login information. Check if username and password is ...
<?php $con=mysql_connect("localhost","mts","mts"); if(!con) { die( unable to connect . mysql_error()); } mysql_select_db("mts",$con); /* date_default_timezone_set ("Asia/Calcutta"); $date = ...
I found this script online that creates a thumbnail out of a image but the thumbnail image is created with poor quality how can I improve the quality of the image. And is there a better way to create ...
如何确认来自正确来源的数字。
Most sites need some way to show the dates on the site in the users preferred timezone. Below are two lists that I found and then one method using the built in PHP DateTime class in PHP 5. I need ...
I wonder there is a way to post a message to a facebook business page with cURL? thanks
I want to create text as a watermark for an image. the water mark should have the following properties front: Impact color: white opacity: 31% Font style: regular, bold Bevel and Emboss size: 30 ...
How does php cast boolean variables? I was trying to save a boolean value to an array: $result["Users"]["is_login"] = true; but when I use debug the is_login value is blank. and when I do ...