Making my forum secure

BIOSTALL

Hey, i have a forum that requires a username and password in order to log in successfully. These are stored in a database. I was wondering if there's a way that someone could obtain a username and password or get into the forums without a username and password.

Thanks, BIOSTALL

leatherback

Well... that would be determined by your coding, now wouldn't it? :p

If you do it correctly, it would be very difficult. THere are probably ways around any security. But is you have some system that:

Checks for being logged in (link session_id against a IP nr?) at each page
Checks against sql-inserts in the login
Only enables registered users to retrieve their password (Preferably using a password-reset link, mailed to the original user, possible with a personal question)

you should have most under control.

LoganK

Yes, through SQL injection. To prevent, sanitize all user input and make double- and triple-sure that you escape all unexpected quotes!!!