By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,985 Members | 1,885 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,985 IT Pros & Developers. It's quick & easy.

Making my site secure

P: 40
Hi all,

My site is almost finished, and I just added a whole ADMIN section where I can update/edit my SQL database via easy-to-use forms. On Page one I use php to require a superuser password, and if correct, I set a $_SESSION variable that enables you to see every other admin page (I do a check for the variable at the top of the page and exit if not there).

I know I've read stuff about somehow encrypting (hashing?) the password, but I don't know what that means. If anyone can point me in the right direction, I'd like to keep things as secure as possible.

Also, I've heard there are ways to prevent people from running scripts on your site. How is that accomplished?

Finally, what's the best way to prevent people from direct linking to my site folders? For example, if you go to mysite.com/images right now, you can see all my images listed. Any way to prevent that?

Thanks in advance for the help. I know nothing about site security, and it's probably time to learn.
Dec 14 '07 #1
Share this Question
Share on Google+
3 Replies


P: 4
You can use the md5 functions in php to hash the password before saving.

For direct linking you can use check the referring page to see if it comes from your domain and if not don't allow it

- Shelon Padmore
Dec 14 '07 #2

100+
P: 105
If you are storing the password in a session variable then it may be worth encrypting the password.

But password encryption is normally used when storing it somewhere eg a database.
Dec 15 '07 #3

stepterr
100+
P: 157
Check out this article, you can probably ignore the registration part and just look at the login information. Link
Dec 15 '07 #4

Post your reply

Sign in to post your reply or Sign up for a free account.