Security form web access

Welcome to our community

Be apart of something great, join today!

Register Log in
edwin

edwin

Moderator
Messages
42
Reaction score
3
Points
8
Hello, 

I have been asked to make a web application for a company that requires user and password to access. 

Whenever I have done something similar I have placed in the index a form (method: post and action: login.php). The form contains the typical user box and password. 

The login.php receives the two parameters and if the combination (user-pass) in the users table of the USERDB gives access to the client. 

I have the doubt that someone from the company tell me that this is not safe enough, that they are a serious company with very confidential information. Do you see it right? Can you add something to make it safer? 

Thank you. Greetings
 
Sort by date Sort by votes
B

Beverly

Newbie
Messages
21
Reaction score
0
Points
0
In principle it will always be the same structure, the security extras will mainly be jquery / php checks / validations ...

you can in the first instance ask for secure passwords, as you have seen in many sites: the password must contain 1 numeral, 1 uppercase and a length of at least 8 characters ...

Strictly validate the data received in login.php before introducing these to the SQL statement and not common:
Code: 
 $ user  =  $ _POST [ 'user' ] ;
$ contra  =  $ _POST [ 'against' ] ;
$ sql  =  "SELECT * FROM users WHERE user = ' $ user ' ....." ;

this is very insecure, you must take into account every aspect so that the work should be very well done and at the same time I lasted a long time without tinkering, which is the best!
 
Upvote 0 Downvote
  • Advertisement
    • X

    Xandria

    Newbie
    Messages
    14
    Reaction score
    0
    Points
    0
    Authentication via user and password is one of the most used methods, and in even more web environments. You should consider two aspects:

    1. Make your web safe, at least the login form and authentication process accessible by HTTPS, I would say more, your application accessible only by HTTPS.

    2. It validates both the client and server side the data entered by the user.

    3. Perform a check against CSRF attacks.

    4. As @"beverly"  explains , establish a secure password policy for your system.

    5. Avoid SQL injection.

    Where users come from, it does not matter, in an enterprise environment it could be that your application is integrated into a Windows Active Directory or similar, stored in the same database of your application or accessible through a web service or REST API, but always the procedure is the same: validation, identification and authentication !!!!
     
    Upvote 0 Downvote

    Similar Threads

    JohnnieNiz
    • Solved
    Suggestions for a blurry header background
    Replies
    4
    Views
    107
    JohnnieNiz
    JohnnieNiz
    Antoniorth
    • Solved
    How to hide an empty row?
    Replies
    4
    Views
    141
    PHPAMP
    PHPAMP
    Antoniovnp
    • Solved
    The button hover effect works reversely
    Replies
    2
    Views
    68
    Antoniovnp
    Antoniovnp
    EduardZ
    • Solved
    CSS inset, vw units, and Safari
    Replies
    2
    Views
    95
    EduardZ
    EduardZ
    Derekfem
    Suitable CSS Framework to Speed up Look and Feel
    Replies
    1
    Views
    68
    RickyWref
    RickyWref

    Advertisement

    Connect with us

    Web Hosting Forum - Net Hosting Talk

    Net Hosting Talk is designed to bring both customers and web hosting providers together. Here you will find a community experience to learn everything related to web hosting. Get more experience as a System Administrator, and Create your own hosting company.

    Online statistics

    Members online
    0
    Guests online
    3
    Total visitors
    3
    Totals may include hidden visitors.

    Forum statistics

    Threads
    946
    Messages
    2,647
    Members
    957
    Latest member
    gsbrt

    Forum Links

    Community platform by XenForo® © 2010-2022 XenForo Ltd.
    Top