security: login / password

boyzdynasty

I have a php login page...

When the user hit submits, it redirects it to another page to do the query to a mySQL DB.

I use POST to post the username and password. Since I have save it in the header ($POST['userid] & $POST['password']) in order to transfer the info to another page, is it safe to do that way?

If anyone can provide any tips on this matter, please let me know.

vincery

Hi,

You can have the option to encrypt sensitive information such as a password. You can use the password()
function in mysql.

For a higher level of security you
can combine both the encryption
approach and using Secure Sockets
Layer (SSL) protocol. Also, make
sure you implement the "lesser previledged" approach to your
server objects such as the database
or server files.

boyzdynasty

I looked up password() and it was not listed in the manual. 🙁

goldbug

Originally posted by boyzdynasty
I looked up password() and it was not listed in the manual. 🙁

Yes it is.
http://dev.mysql.com/doc/mysql/en/Encryption_functions.html

boyzdynasty

ah....

i was looking in PHP.net :rolleyes:
and the closest function i found was md5()

hehe. :p

thanks