A bit of a general question.
In my website I have a login feature. User details are stored in a MySQL database and interacted with PHP. Passwords are stored as a salted MD5 hash sum. (All the norm there.)

Normally I would use sessions to track logins; however, my hosting company didn't like them for some reason. But I had a quick fix.

When you log in, it creates a cookie of the username and password you logged in with, plus an expiry time of an hour. Every time a page loads, it checks these details against the database. I can't see any flaws other than intercepting packets etc. Is this a viable solution to my problem, or is it a bit risky regarding security?

Code snippets seem irrelevant, but I can provide them. Thank you for any tips with this matter.

1 solution

No. What is absolutely unsafe is MD5. It was found to be broken. See [^].

Switch to the cryptographic hash function ([^]) from the SHA family. See: [^].

Don't rely on "safe place", this is not enough. Change the cryptographic hash function.

Thomas.D Williams 13-Jul-11 4:37am    
Thank you for your response. Going to have to make some changes to the system. Teaches me a lesson for relying on such a 'presumed safe' method.

(P.S. If you remember the Neural Network I was making, that's been put on hold for a commercial project.)
Sergey Alexandrovich Kryukov 13-Jul-11 10:37am    
You're welcome.
Good luck, call again.
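
One way to track the login described in the question without putting the password in the cookie, as an added example that is not part of the original thread: the cookie carries a random token and the server keeps only its SHA-256 hash with the one-hour expiry. The function names, the `login` cookie name and the in-memory `$store` (standing in for a MySQL table) are assumptions.

```php
<?php
// Added example. $store is a hypothetical stand-in for a MySQL table such as
// login_tokens(token_hash, username, expires_at); all names are assumptions.

const TOKEN_LIFETIME = 3600; // one hour, as in the question

// Called once, after the password check at login has succeeded.
function issue_login_token(array &$store, string $username, int $now): string
{
    $token = bin2hex(random_bytes(32));      // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = [       // only the hash is kept server-side
        'username'   => $username,
        'expires_at' => $now + TOKEN_LIFETIME,
    ];
    return $token;                           // this value goes into the cookie
}

// Called on every page load with the raw cookie value.
function check_login_token(array &$store, string $cookieValue, int $now): ?string
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $cookieValue)) {
        return null;                         // malformed cookie
    }
    $key = hash('sha256', $cookieValue);
    if (!isset($store[$key])) {
        return null;                         // unknown or already revoked token
    }
    if ($store[$key]['expires_at'] <= $now) {
        unset($store[$key]);                 // expired: remove it server-side too
        return null;
    }
    return $store[$key]['username'];
}

// Constructed demo values, runnable from the PHP command line.
$store = [];
$now   = 1310531820;                         // constructed timestamp
$token = issue_login_token($store, 'alice', $now);
// In a real page the token would be sent with, for example:
// setcookie('login', $token, ['expires' => $now + TOKEN_LIFETIME,
//           'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(check_login_token($store, $token, $now + 60) === 'alice');
var_dump(check_login_token($store, str_repeat('0', 64), $now + 60) === null);
var_dump(check_login_token($store, $token, $now + TOKEN_LIFETIME) === null);
```

Deleting the stored row on logout or password change invalidates the cookie immediately, which a cookie holding the password itself cannot offer.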

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)
