View Full Version : Securing a database

05-13-2008, 05:38 PM
I have a database that is completely run by php. It's made to track things and each users needs NOT have permission to see the others (for security reasons).

I have a login page which calls an authentication page. That authentication page calls another file with the users and passwords and matches them up to decide what link to throw at the user.

That's all fine and dandy, but my problem is I can just type in the page that displays the database in a table and it goes to it bypassing my authentication.

Suggestions? I was thinking about using headers to make the page have to be referred by the login page but then when a user tries to make a change within the page itself and it's not being referred from the login page they are going to get kicked out.

I'm in a real predicament. I can show specific pieces of code if you need it let me know. I'm not sure what you'd need to see. It's just a generic.

Page 1 is a table
Page 2 is the authentication PHP code which calls:
Page 3 is the list of users
Page 4,5,6,7 and 8 are one of the user's pages with their specific database.

05-13-2008, 05:40 PM
Double post, sorry.

Is there a way I can make it authenticate then load the rest of a single page according to what credentials they put in? All at the same time while NOT displaying any pertinent information to crackers wanting to get the info? I mean, I can't put the username and password in plain sight in the code, I know that would be stupid.

05-13-2008, 07:46 PM
are you talking about using sessions?
When user has logged in you store for example their username to session and then in the browsing page you just check that the session is valid.