Thread: how to check if session script works right?

  1. #1

    Hi all,

    I have a php_session script with cookies and double password encryption. How can I check if the script is safe from all possible problems? (Problems such as: cookies are working OK, session started, the right user uses the session, session is destroyed perfectly, and others...)

    If you need the whole script, I will change some info in it and post it...

    All suggestions are welcome

    Kind regards...

  2. #2

    Trial and error. The problem is that hackers have infinite time to try to hack your site, while you only have limited time to develop it.
    What you've described sounds good. The only way to continue checking it is to try to hack it yourself or imagine how someone else might. How could someone steal a session or steal a password? If you can't think of it, you're at least fairly safe.

    One thing that helps: you are designing this yourself and the system is unique. That fact means that you won't have people attacking your site or knowing anything about it. This is different than a shared system like a common bulletin board, WordPress, etc. This means that the target is smaller, not that it's 100% secure, but it does help.

  3. #3

    Quote, originally posted by djr33:
    Trial and error. The problem is that hackers have infinite time to try to hack your site, while you only have limited time to develop it.
    What you've described sounds good. The only way to continue checking it is to try to hack it yourself or imagine how someone else might. How could someone steal a session or steal a password? If you can't think of it, you're at least fairly safe.

    One thing that helps: you are designing this yourself and the system is unique. That fact means that you won't have people attacking your site or knowing anything about it. This is different than a shared system like a common bulletin board, wordpress, etc. This means that the target is smaller, not that it's 100% secure, but it does help.

    Do you have time to try to hack my system? Maybe you could try to check for the main mistakes others make? PM me

  4. #4

    Sorry, that's not my area. I know about the theoretical ways, but not the actual methods of doing it. Seems like a good service someone could set up, though.... interesting.

  5. #5

    Looks like you need the help of a whitehat. Maybe try searching for one on the interwebs, be very careful though :P
