PHP Password

by **jadecook** on Thu Apr 04, 2013 3:30 pm ([msg=74910]see PHP Password[/msg])

I was thinking about designing something I can log into to update my site. Just a simple PHP script with a single password, and I was wondering if something like this would be secure?

Code: Select all: <?php if ($_POST["password"] == "abc"){ show this info } else { echo "Password is wrong"; } ?>

That's secure unless someone gets read-access to your server. But by that point, you're already screwed.

3vilp4wn wrote:That's secure unless someone gets read-access to your server. But by that point, you're already screwed.

well actually, we think it might be vulnerable to timing attack but noone has really answered that question well. I tried exploiting it, but either it isn't vulnerable or the time difference is to small to detect with my code.

one interesting thing that i encountered which looking for an answer to this, http://stackoverflow.com/questions/3333 ... -vs-strcmp . lesson: never use == for string comparison, use === or strcmp()

Huh, interesting link, but if the user is inputting a string, the it shouldn't be a problem.
Anyways, I'll use === in the future.

PHP Password

PHP Password

Re: PHP Password

Re: PHP Password

Re: PHP Password

Who is online