There are a couple of things to do in order to keep your session secure: Use SSL when authenticating users or performing sensitive operations. Regenerate the session id whenever the security level changes (such as logging in). You can even regenerate the session id every request if you wish. Have sessions time out Don’t use … Read more
Update: Although this answer has been accepted a few years ago, note that its approach is now recommended against by the Apache documentation. Use a Redirect instead. See this answer. RewriteEngine On RewriteCond %{HTTPS} !on RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Disable browser ‘Save Password’ functionality
Improved Persistent Login Cookie Best Practice You could use this strategy described here as best practice (2006) or an updated strategy described here (2015): When the user successfully logs in with Remember Me checked, a login cookie is issued in addition to the standard session management cookie. The login cookie contains a series identifier and … Read more
Well, you could look it up in Wikipedia… But since you want an explanation, I’ll do my best here: Hash Functions They provide a mapping between an arbitrary length input, and a (usually) fixed length (or smaller length) output. It can be anything from a simple crc32, to a full blown cryptographic hash function such … Read more
It drops the students table. The original code in the school’s program probably looks something like q = “INSERT INTO Students VALUES (‘” + FNMName.Text + “‘, ‘” + LName.Text + “‘)”; This is the naive way to add text input into a query, and is very bad, as you will see. After the values … Read more