Does this consist of good site security?

Results 1 to 2 of 2

Thread: Does this consist of good site security?

  1. #1
    Join Date
    Dec 1969

    Default Does this consist of good site security?

    basically anyone can register on my site, and add, modify, or delete records. they can choose to login when first entering the site, which will set the session variables, username, usertype, userid. then after that they won&#039;t be asked to login again, but if they go to a page to add, modify, or delete the records (relating to them of course) and aren&#039;t logged in (session variables are empty), they&#039;ll be giving a username and password text box. so after they fill out all of the form, including their username and password, it will submit the data, assuming the un and pw are correct, and at the same time log them in. then the session variables are set.<BR><BR>this seems like a way to avoid submitting passwords on every submit, but still keep it secure. anyone can view the site, but if they want to modify/enter data they have to login.<BR><BR>is this a good way to go about it?

  2. #2
    Join Date
    Dec 1969

    Default It's adequate...

    But whether it&#039;s good enough depends ENTIRELY upon your needs.<BR><BR>For example, if anybody can read the data, even if not logged in, what&#039;s to prevent them from stealing email addresses or other info that should be private?<BR><BR>

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts