PHP Safety

[milo526]

I'd like to make a website so I can do pre-managed actions "on-the-go"

 

Is it safe for me to make my own webpage (hosted) where I declare a PHP variable, and ask for an input.

Than when the input equals the PHP variable, let me see the page.

 

Since I only need 1 account, i don't think it is necessary to make a whole login page with an MySQL DB.

Is this safe and is this a good way to solve my "problem" ?

 

Thanks in advance.

[Ciccioo]

if it's just a simple page that only one user has to access, and you're sure that the 'password' doesn't ever need to be changed by anyone else than you, then i don't think it's a bad idea: it's infinitely more simple and faster to code than anything else, and it just works

also, the simpler the code, the less are the possibilities to do errors that lead to security issues

 

 

depending on how serious the thing is, and how much safe you want it to actually be, you should use https, otherwise the password will be transmitted in plain text over the network and it would be fairly easy to steal it, if just someone good at networking wanted to do that

[milo526]

if it's just a simple page that only one user has to access, and you're sure that the 'password' doesn't ever need to be changed by anyone else than you, then i don't think it's a bad idea: it's infinitely more simple and faster to code than anything else, and it just works

also, the simpler the code, the less are the possibilities to do errors that lead to security issues

 

 

depending on how serious the thing is, and how much safe you want it to actually be, you should use https, otherwise the password will be transmitted in plain text over the network and it would be fairly easy to steal it, if just someone good at networking wanted to do that

I'm using it to quickly send emails and get info about my school. Nothing others shouldn't be able to see or do. But just to prevent spam to my friends, I'd like it to be a bit more secure.

Thanks for you help

[topsu]

So when you type the password, you are redirected to a new page or what?

[Ciccioo]

I'm using it to quickly send emails and get info about my school. Nothing others shouldn't be able to see or do. But just to prevent spam to my friends, I'd like it to be a bit more secure.

Thanks for you help

yeah, that will be secure enough

 

i should have mentioned that storing passwords in php is not good practise anyway, and every time you store a password in plain text, a security expert in the world cries

if you just want to go a little bit further, you should store the hash of the password in php, something like

 

calculate the hash

$password = 'monkey';$hash = md5('huehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehue' . $password);echo $hash;

now, you take the value that gets printed and you use it in your login script

$pass = $_POST['password'];$hash = md5('huehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehuehue' . $pass);$knownHash = 'the value printed out by the previous script';if($knownHash == $hash)              echo $pageContent;else              echo 'authentication failed';

the huehuehue part is there to protect you from rainbow tables

anyway this is a little less obscene, because even if someone gets to see your code, they won't be able to know the password, and it doesn't take much effort to impement it, as you see, it's all there