What is your best authentication system?

micklerlop

hi,

I would like to know your opinions.

Personally, i haven't been deeply involved in the security part of web development. I have been using php session and password() function in mysql to encrypt passwords.

What's is your most secure way?
please share your ideas

Thanks

brandonschnell

1) use cookies/GET SIDs to only store session identifiers. don't store usernames/passwords here.

2) have cookies timeout when the browser is closed

3) i prefer one way hashes for passwords. for example, to store passwords i md5() the users password and a "secret" variable. i won't ever need to get the original password.