
Thread: Is this php script secure?

  1. #1

    Is this php script secure?

    Hi friends. I made a login script for my website. I personally think it is pretty safe but I was wondering what you guys think. Tell me if you see any vulnerabilities or exploits that I should patch up. How could people crack it?


    Appreciate it.

  2. #2
    Senior Member
    Join Date
    Oct 2001
    Post the source code, then people will be able to help you. Otherwise there's no way of telling how secure the script is.
    OpenBSD - The proactively secure operating system.

  3. #3
    Depends what kind of encryption you're using in your database. If it's just plain text then you should slap yourself on the back of your head. Also, where is the source at?

  4. #4
    Join Date
    Dec 2001
    Well, I can't even see the page, but the source would be good.
    A_420_hacker_24::."A man without a computer is just a man, a man with a computer is a Admin" ... "If its not 4:20 on your clock, it's time to change the time"..:Quotations from Larry Wall:.
    "I think you didn't get a reply because you used the terms "correct" and "proper", neither of which has much meaning in Perl culture. :-) "

  5. #5
    It's broke.

  6. #6
    Senior Member
    Join Date
    Jan 2002
    I scanned the site checking the tree and then entered http://www.pheeble.com/v5/ as being the second page after the intro and it let me right in. Never saw any kind of a login script. So I would venture it's not too secure if I can traverse the directory tree and pull up any page I wish.
    The COOKIE TUX lives!!!!
    Windows NT crashed, I am the Blue Screen of Death.
    No one hears your screams.

  7. #7
    No, that doesn't sound terribly secure, does it?
    But then, he may not have implemented it yet; he could just be testing the login at this point...
    WE ARE the anti cancer...
    WE ARE the only answer...

  8. #8
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Well, inside the httpd.conf (I'm going to assume we're talking Apache here because that's my knowledge base, not IIS), in the initial <Directory> for this page, I would take Indexes out of the Options list. This prevents people from scanning/traversing directory trees.

    As for the php, we can't see the code so we can't check!
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.
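
An audit for the setting post #8 describes, as an added example that is not part of the thread: this Python sketch lists the `<Directory>` blocks whose own `Options` lines leave `Indexes` enabled. The sample configuration and its paths are constructed, and inherited or default options are not modeled.

```python
import re

# Constructed sample httpd.conf fragment; the paths are placeholders.
SAMPLE_CONF = """\
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
</Directory>
<Directory "/var/www/html/v5">
    Options FollowSymLinks
</Directory>
<Directory "/var/www/html/files">
    Options All
    Options -Indexes
</Directory>
# <Directory "/old">  Options Indexes  </Directory>
"""

OPEN = re.compile(r'<Directory\s+"?([^">]+)"?\s*>', re.I)
CLOSE = re.compile(r'</Directory\s*>', re.I)

def dirs_with_indexes(conf_text):
    """Return <Directory> paths whose own Options lines leave Indexes on."""
    flagged, path, indexes = [], None, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # skip blanks and commented-out directives
        opened = OPEN.match(line)
        if opened:
            path, indexes = opened.group(1).strip(), False
        elif CLOSE.match(line):
            if path is not None and indexes:
                flagged.append(path)
            path = None
        elif path is not None and line.split()[0].lower() == "options":
            opts = line.split()[1:]
            if any(o[0] not in "+-" for o in opts):
                # Absolute form: this line replaces the whole option set.
                indexes = any(o.lower() in ("indexes", "all") for o in opts)
            else:
                # Relative form: +Indexes / -Indexes adjust the current set.
                for o in opts:
                    if o[1:].lower() == "indexes":
                        indexes = o[0] == "+"
    return flagged

if __name__ == "__main__":
    print(dirs_with_indexes(SAMPLE_CONF))
```

Taking `Indexes` out only turns off auto-generated listings; a page requested by its exact URL is still served unless the server or the script enforces authentication.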
