PHP Password

Post by jadecook on Thu Apr 04, 2013 3:30 pm

I was thinking about designing something I can log into to update my site. Just a simple PHP script with a single password, and I was wondering if something like this would be secure?

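Code:
<?php

// Loose == comparison against a hard-coded password, as originally posted.
if (isset($_POST["password"]) && $_POST["password"] == "abc") {
    // Protected content goes here.
    echo "show this info";
} else {
    echo "Password is wrong";
}

?>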


Re: PHP Password

Post by 3vilp4wn on Thu Apr 04, 2013 4:00 pm

That's secure unless someone gets read-access to your server. But by that point, you're already screwed.
Do not mistake understanding for realization, and do not mistake realization for liberation
Evil Ninja Hackers
???
٩(͡๏̯͡๏)۶

1A4EAMboaXpgvUSmtRbVRqbfJrbyuGhyoo


Re: PHP Password

Post by WallShadow on Thu Apr 04, 2013 7:00 pm

3vilp4wn wrote: That's secure unless someone gets read-access to your server. But by that point, you're already screwed.


Well, actually, we think it might be vulnerable to a timing attack, but no one has really answered that question well. I tried exploiting it, but either it isn't vulnerable or the time difference is too small to detect with my code.

One interesting thing that I encountered while looking for an answer to this: http://stackoverflow.com/questions/3333 ... -vs-strcmp. Lesson: never use == for string comparison; use === or strcmp().


Re: PHP Password

Post by 3vilp4wn on Thu Apr 04, 2013 7:19 pm

Huh, interesting link, but if the user is inputting a string, then it shouldn't be a problem.
Anyways, I'll use === in the future.

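The comparison behaviours raised in this thread, side by side, as an added example that is not part of any poster's message. The function names and the test cases are constructed for illustration; the hardened variant assumes PHP 7.1 or later and swaps the hard-coded plaintext for a `password_hash()` value checked with `password_verify()`.

```php
<?php
// Added example, not code from the thread; all function names are hypothetical.

// The thread's original check: loose comparison against the secret.
function check_loose($input, $secret) {
    return $input == $secret;
}

// Strict comparison: same type and same bytes, no numeric conversion.
function check_strict($input, $secret) {
    return $input === $secret;
}

// Hardened: reject non-strings (a password[]=x field arrives as an array),
// then compare against a stored hash. password_verify() is documented as
// safe against timing attacks, and the plaintext never sits in the script.
function check_hardened($input, $stored_hash) {
    return is_string($input) && password_verify($input, $stored_hash);
}

// Constructed cases: [configured secret, value arriving in $_POST["password"]].
$cases = [
    ['abc',   'abc'],     // correct password
    ['abc',   'abd'],     // wrong password
    ['1e3',   '1000'],    // two numeric strings: == compares them as numbers
    ['0e123', '0e456'],   // both parse as 0 in scientific notation
    ['abc',   ['abc']],   // array submitted instead of a string
];

foreach ($cases as [$secret, $input]) {
    // In a real deployment the hash is generated once and stored, not
    // recomputed per request; it is built here to keep the example offline.
    $hash = password_hash($secret, PASSWORD_DEFAULT);
    printf(
        "secret=%-6s input=%-8s loose=%-6s strict=%-6s hardened=%s\n",
        $secret,
        json_encode($input),
        var_export(check_loose($input, $secret), true),
        var_export(check_strict($input, $secret), true),
        var_export(check_hardened($input, $hash), true)
    );
}
```

The two numeric-string rows are the ones where the loose check accepts a value that differs from the secret, while the strict and hardened checks reject it.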

