Originally Posted by Fou-Lu
- md5 is insecure. It has a high percentage of conflict. Use hash with sha256 at minimum instead.
- Look into writing a CIDR calculator for this. CIDR will let you handle ranges and subnets for ip addresses and respond accordingly.
As for cookies and sessions, sessions are fine for security so long as the sessionid isn't compromised. Cookies are useless for anything more than basic preference settings.
I have another basic Idea is as this application will be run over in my own company I want to arrange a access to the user whos is specificaly available in the IP range specified in the DB....
so any suggestions around this ??