Login Programming * MUST HAVE *

Posted 08-17-2007, 01:32 PM by smanager

Five important variables you need to know when you develop a login page:

1- If your restricted area works only with some browsers, you should take that into account when you develop a login feature. For example, if your restricted area has limitations with Opera or with Internet Explorer for Mac, you should avoid giving access to users who are trying to log in with those browsers, instead showing a message with the list of browsers they can use to have full access to your back office.

2- Protecting passwords against unauthorized people is another item. There are three ways to save a password in a database.

a) as plain text (100% insecure)

b) Two-way encryption: the password is encrypted in the database, and when the user wants to recover it, they recover the same password through a programming feature that decrypts it. This is a better option than the one I mentioned above, but it still allows unauthorized people to use their programming skills to get the password.

c) One-way encryption: this is the most secure way to store a password, since there is no way to recover the same password.
In this scenario, when the user forgets the password, it is recovered with some extra programming. The user clicks the link "forget my password" and is taken to a page where they are asked for their email. If the email matches the one stored in the database, an automatically generated link with a code that the user can use to reset the password is sent to their email. When the user resets the password he has to validate his email, and there is no way for an unauthorized person to crack into an account.

3- It is also important that the information (user name and password) is validated on a secure server (SSL).

4- Another thing you should consider is the "Log Out". For example, you can store the login information on the user's computer as a cookie. If you do that, you should consider storing that information in a way that is not human readable, since a cookie can be read easily from any computer. The best way to create a secure membership site is to set up the cookie to expire when the browser is closed, so every time a user logs in they have to enter their username and password. Doing this, you make sure that if a user logs in from a public computer, nobody can get access after that user leaves the computer, since the cookie will expire when the user closes the browser (that was a major problem with Hotmail in its earlier years).

5- It is also important that every page behind the membership automatically redirects to the login page if the password and username don't match. There are many ways for someone with programming knowledge to bypass a login page if this measure is not taken into account.


I hope this helps someone who is in the process of developing a membership website.

Have a good day!

Pablo
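
Added example, not part of the original post: a sketch of option 2(c) with the e-mailed reset code, using only the Python standard library. PBKDF2 stands in for the "one way encryption"; the `Accounts` class, the iteration count, the 15-minute lifetime and the sample address in the test are assumptions made for illustration.

```python
import hashlib, hmac, secrets, time

ITERATIONS = 600_000      # PBKDF2-HMAC-SHA256 work factor (assumed value)
RESET_TTL = 15 * 60       # lifetime of a reset code in seconds (assumed value)

def hash_password(password):
    """One-way: a random salt plus a slow hash; the password itself is never stored."""
    salt = secrets.token_bytes(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    iterations, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk, bytes.fromhex(dk_hex))

class Accounts:
    """In-memory stand-in for the users table (constructed for this example)."""
    def __init__(self):
        self.users = {}   # email -> {"pw": hash string, "reset": (digest, expiry) or None}

    def register(self, email, password):
        self.users[email] = {"pw": hash_password(password), "reset": None}

    def request_reset(self, email, now=None):
        """Return the code to put in the e-mailed link, or None for an unknown address."""
        user = self.users.get(email)
        if user is None:
            return None
        token = secrets.token_urlsafe(32)
        # Only a digest of the code is kept, so a leaked table cannot be used to reset.
        digest = hashlib.sha256(token.encode()).hexdigest()
        user["reset"] = (digest, (now or time.time()) + RESET_TTL)
        return token

    def reset_password(self, email, token, new_password, now=None):
        """Accept the code once, before it expires, then store the new hash."""
        user = self.users.get(email)
        if user is None or user["reset"] is None:
            return False
        digest, expires = user["reset"]
        supplied = hashlib.sha256(token.encode()).hexdigest()
        if (now or time.time()) > expires or not hmac.compare_digest(digest, supplied):
            return False
        user["pw"] = hash_password(new_password)
        user["reset"] = None          # single use: the same link cannot be replayed
        return True
```
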


