Views: 115 | Answers: 4
I am building a web application from scratch that has registration and login functionality. I am completely a novice when it comes to security issues and attacks like MySQL injection. Apart from encryption of passwords in the database, what other security issues do I have to worry about? And how do I take care of them? Thank you

+1  A: 

One thing you really need to look out for is Cross-site Request Forgery (CSRF or XSRF). The easiest way to prevent it is to send a token with each request (even sending a copy of the login cookie will work).

Annie
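The token approach this answer describes, as an added example (not code from the original answer): one random token is stored in the session, embedded as a hidden field in every state-changing form, and checked on each POST. The form action `/transfer.php` and the field name `csrf_token` are assumptions for the example.

```php
<?php
// Added example: synchronizer-token CSRF protection for a PHP form.
// Assumes PHP 7+ with sessions enabled; /transfer.php is a hypothetical endpoint.
session_start();

// Issue one random token per session and reuse it for every form in that session.
function csrf_token(): string {
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// Hidden input to embed in every form that changes state.
// The value is HTML-escaped so the helper is safe to drop into markup.
function csrf_field(): string {
    return '<input type="hidden" name="csrf_token" value="'
         . htmlspecialchars(csrf_token(), ENT_QUOTES, 'UTF-8') . '">';
}

// Verify the submitted token against the session copy.
// hash_equals() compares in constant time, so a forged token cannot be
// guessed byte by byte from response timing.
function csrf_check(array $post): bool {
    $sent = $post['csrf_token'] ?? '';
    return isset($_SESSION['csrf_token'])
        && is_string($sent)
        && hash_equals($_SESSION['csrf_token'], $sent);
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_check($_POST)) {
        // A cross-site request cannot read the token, so it fails here.
        http_response_code(403);
        exit('Invalid CSRF token');
    }
    // ... perform the state-changing action here ...
    exit('OK');
}
?>
<form method="post" action="/transfer.php">
  <?= csrf_field() ?>
  <input type="text" name="amount">
  <button type="submit">Send</button>
</form>
```

The check works because a page on another origin can make the browser send the session cookie, but cannot read the token out of your form; a request that arrives without the matching token is rejected before anything is changed.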
+2  A: 

You need to make sure to sanitize all variables in your SQL; if you're not using something like PDO, this is done most easily with mysql_real_escape_string.

For example, when you are checking a user's credentials your code would look something like:

// Escape every user-supplied value before it is interpolated into the query text
$sql = "SELECT `id` FROM `users` WHERE `username` = '".mysql_real_escape_string($_POST['username'])."' AND `password` = '".mysql_real_escape_string($_POST['password'])."'";
$dosql = mysql_query($sql); // run the query; check the result for exactly one matching row, etc.

It's also worth adding the following to your login routine to prevent session fixation.

session_regenerate_id(true);
seengee
And if you're passing in an integer instead of a string, don't use `mysql_real_escape_string`, rather, cast it first, like `(int)$myInt`
philfreo
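The same login check written with PDO prepared statements, as an added example that is not code from the original answer or the comment above. It assumes a `users` table with columns `id`, `username` and `password_hash` (hypothetical names), where `password_hash` was produced by `password_hash()`, and it folds in the other two points from this answer and its comment: `session_regenerate_id(true)` after a successful login, and binding integers with an explicit type rather than pasting them into the query.

```php
<?php
// Added example: credential check with a PDO prepared statement.
// Assumes PHP 7+, a MySQL database named "app" and a `users` table
// (id INT, username VARCHAR, password_hash VARCHAR); all hypothetical.
session_start();

$pdo = new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', 'app_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // real server-side prepares, not client-side escaping
]);

// Returns the user id on success, null on failure.
function login(PDO $pdo, string $username, string $password): ?int {
    // The placeholder is sent to MySQL separately from the query text, so a
    // username such as "admin' OR '1'='1" is just a literal string to compare.
    $stmt = $pdo->prepare('SELECT id, password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);

    // Verify against the stored hash; the plaintext password never enters the SQL at all.
    if ($row === false || !password_verify($password, $row['password_hash'])) {
        return null;
    }
    return (int) $row['id'];
}

// For integer parameters, bind with an explicit type instead of casting into the query text.
function user_by_id(PDO $pdo, $id): ?array {
    $stmt = $pdo->prepare('SELECT id, username FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if (($userId = login($pdo, $username, $password)) !== null) {
    // A fresh session id on login means an id planted before authentication
    // (session fixation) is never associated with the logged-in user.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $userId;
    echo 'Logged in';
} else {
    http_response_code(401);
    echo 'Invalid credentials';
}
```

Turning off `PDO::ATTR_EMULATE_PREPARES` matters: with emulation on, PDO builds the query string client-side, which is closer to the escaping approach than to true parameter binding. Looking up by `username` only and then calling `password_verify()` is also what lets you store a salted hash instead of comparing passwords inside the `WHERE` clause.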
+1  A: 

You also have to worry about Cross-Site Scripting attacks (often shortened to XSS). Basically, it means that if your application ever makes data submitted by the user part of the HTML of a subsequent page, it must be sanitized. For example, if your application was a message board, a malevolent user could put up a post with embedded HTML that would load a remote JavaScript without the user's knowledge.

A simple way to defend against it is to encode any data that is made part of the HTML of your web application using a function that encodes HTML characters into entity codes. In PHP, you can use htmlspecialchars().

However, there's really a lot more you should consider. OWASP (The Open Web Application Security Project) is the industry group that really creates the standards in this area. They publish the OWASP Top Ten list, a list of the 10 most prevalent security vulnerabilities. You'll see everything mentioned in these answers listed there.

Paul
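The encoding step this answer describes, shown on the message-board case it uses, as an added example that is not code from the original answer. The `$posts` array is constructed sample data, and the `e()` helper name is an assumption; the point is the difference between echoing user data raw and passing it through `htmlspecialchars()` with explicit flags.

```php
<?php
// Added example: output-encoding user-submitted content with htmlspecialchars().
// $posts is constructed sample data for the example, not real input.

// Encode a value for use as HTML text or inside a double-quoted attribute.
function e(string $s): string {
    // ENT_QUOTES also encodes the single quote, so the helper stays safe inside
    // attribute values; ENT_SUBSTITUTE replaces invalid UTF-8 rather than returning
    // an empty string; the explicit charset avoids mis-decoding multibyte input.
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$posts = [
    ['author' => 'alice', 'body' => 'Hello <b>world</b>'],
    // A post carrying markup, constructed to show what encoding does to it.
    ['author' => 'mallory"><img src=x onerror=alert(1)>',
     'body'   => '<script src="https://evil.example/x.js"></script>'],
];

// Vulnerable rendering: user data is concatenated straight into the page,
// so the second post's author breaks out of the attribute and its body
// becomes a live <script> tag.
function render_unsafe(array $posts): string {
    $html = '';
    foreach ($posts as $p) {
        $html .= '<div class="post" data-author="' . $p['author'] . '">'
               . $p['body'] . '</div>';
    }
    return $html;
}

// Safe rendering: every user-supplied value is encoded at the point of output,
// so the browser displays the markup as text instead of interpreting it.
function render_safe(array $posts): string {
    $html = '';
    foreach ($posts as $p) {
        $html .= '<div class="post" data-author="' . e($p['author']) . '">'
               . e($p['body']) . '</div>';
    }
    return $html;
}

header('Content-Type: text/html; charset=UTF-8');
echo render_safe($posts);
```

Encode at output time rather than on the way into the database: the stored post keeps its original text, and the same value can later be emitted safely into a different context (a JSON response, a mail body) with the encoder appropriate to that context. The `Content-Type` header's charset must match the one passed to `htmlspecialchars()`, otherwise the browser and the encoder can disagree about where a character boundary is.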
+1  A: 

Search for "login security issues"; there are a number of good articles. This one is great: most common security mistakes. Go through every single answer that has a vote and make sure you know what it means and that you're not making that mistake. In short, to be secure, you must assume every piece of data from a user could be malicious.

Bialecki