#1  10-26-2010, 10:10 PM
iAmAFish (New to the CF scene; joined Oct 2010)
security question

Hello everyone.

I am just experimenting with some dynamic web projects and I'm a little unsure about security precautions. I'm also really not quite sure where to ask these questions in this forum (so I apologise if this is not the correct place to ask, although since security is something that covers both server and client sides, it doesn't quite fit into either category). I have experience with databases and web front ends, but security is something that I am quite new to.

A project that I am working on currently has a members area with a login. I won't be handling any sensitive data, so it seems that encryption is not necessary. My plan is to have username and password authentication, where I intend to hash passwords and transmit these, and the server will reference them against a users table in a database (hashing simply to not transmit these as plain text). My concern comes with logging in as an administrator: I intend to have an administrator front end that gives a lot of privileges (such as being able to delete users). Since this is a little bit more sensitive, and hashing passwords is not very secure, is encrypting the only way to establish a highly secure way to transmit data? I have been looking into using sessions more carefully (i.e. not allowing external session IDs, for one example), but I cannot think of any way to protect data transmission from a man in the middle that doesn't involve encryption (which I know nothing at all about in terms of setting up). Any suggestions?
#2  11-11-2010, 08:49 AM
divinequran (New Coder; joined Dec 2008, India)
Hi,

The first thing is that you hash your password. Then you store it in the DB so that the admin too won't be able to decrypt the hashed password. Actually you have done most of what is needed to secure the details.

If you want more security then you can go ahead with SSL.
#3  12-02-2010, 03:16 PM
Lamped (Super Moderator; joined Feb 2009, England)
Relating to your main point about man-in-the-middle, the only way you can really protect against that is with SSL certificates and ensuring your login is over HTTPS only. You could use JavaScript to encrypt the password before submitting the login form, but that's not very effective. If someone's going to the length of snooping on your connection, I'm sure they'll spend a couple of minutes going through the JavaScript.

As for general security in a language agnostic way:

- Use sessions/cookies to store a key in the browser (sessions do this automagically in PHP), and store the data on the server side. If it's a shared server and contains potentially sensitive data, do not save it in the default temporary directory. Check the referrer, user agent and possibly the IP (though I hear this is an issue for proxied ISPs like AOL?) against the session data as an extra check against copied cookies. Never use transparent session ID features like PHP's transid.

- Always sanitise your database inputs. Always. Every time. Without fail. Unless you can be absolutely certain you're putting an integer into the database field, run it through the database's sanitisation/escape function, or use prepared statements.

- Make sure your administrator password contains at least one symbol and one number and is a minimum of 8 letters long.
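Two of the checklist points above, the "always sanitise your database inputs, or use prepared statements" rule and the "store a key in the browser, data on the server, and check the user agent against the session" pattern, as an added example that is not code from the thread or from the poster. It builds an in-memory SQLite users table, places the string-concatenated lookup beside the prepared-statement version so the injection payload can be seen succeeding against one and failing against the other, and keeps session data in a server-side dictionary keyed by a random token, bound to the browser's User-Agent as the extra check against a copied cookie. The table contents, the session store and the User-Agent strings are all constructed for the example.

```python
import hmac
import secrets
import sqlite3
from typing import Dict, List, Optional, Tuple


def make_db() -> sqlite3.Connection:
    """Constructed users table with one ordinary user and one administrator."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)", [("alice", 0), ("admin", 1)]
    )
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    """DO NOT USE: untrusted input is spliced straight into the SQL text.

    A username of  ' OR '1'='1  turns the WHERE clause into
    username = '' OR '1'='1' and returns every row."""
    sql = "SELECT username, is_admin FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn: sqlite3.Connection, username: str) -> List[Tuple]:
    """Prepared statement: the value travels separately from the query text,
    so quotes or keywords in the input can never change the query structure."""
    sql = "SELECT username, is_admin FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Server-side session store. Only the random token ever goes to the browser
# (as a cookie); the username and binding data stay here.
sessions: Dict[str, Dict[str, str]] = {}


def create_session(username: str, user_agent: str) -> str:
    """Issue an unpredictable token and record who it belongs to and from which browser."""
    token = secrets.token_urlsafe(32)  # 256 bits of randomness, not guessable or enumerable
    sessions[token] = {"user": username, "ua": user_agent}
    return token


def resolve_session(token: str, user_agent: str) -> Optional[str]:
    """Return the logged-in username for a presented token, or None.

    A token copied to another browser fails the User-Agent check. This is the
    extra check the post describes, not a replacement for HTTPS: an attacker
    who sniffs the cookie can usually copy the User-Agent header too."""
    data = sessions.get(token)
    if data is None:
        return None
    if not hmac.compare_digest(data["ua"], user_agent):
        return None
    return data["user"]


def logout(token: str) -> None:
    """Invalidate server-side; clearing the cookie alone would leave the token usable."""
    sessions.pop(token, None)
```

The same `?` placeholder shape applies to every mainstream driver (PHP's PDO and mysqli prepared statements included); the rule is that the literal SQL text never changes with user input. Checking the referrer and IP address works the same way as the User-Agent comparison here, with the proxy caveat the post mentions for IP.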