I'm developing a software package in php that uses a login system. I use verification by checking the username and password against the values in my mysql database. After I verify them, I'm using $_SESSION variables to pass through the software to determine if the username and password have been verified already and if not it redirects to the log-in page.
I've recently read about security exploits with $_POST and $_GET that I have already addressed, (at least I hope) my concern now is with session hijacking.
I want to make sure my software is 100% secure. So secure that it passes tests from sites like hackersafe etc...
What is the best way to make a login system with PHP that is secure? Eventually I am going to add an SSL certificate to the software as well.
Any tips involving security would be awesome. Thank you all again!
I've recently read about security exploits with $_POST and $_GET that I have already addressed, (at least I hope) my concern now is with session hijacking.
I want to make sure my software is 100% secure. So secure that it passes tests from sites like hackersafe etc...
What is the best way to make a login system with PHP that is secure? Eventually I am going to add an SSL certificate to the software as well.
Any tips involving security would be awesome. Thank you all again!
Comment