Re: Secure Login Form



HTTPS should definitely be used; this web form isn't secure otherwise
(the password would be passed in clear text).

I'd recommend PHP, as it's server side so you are processing
everything before it gets sent out. In addition, if you intend to use
a MySQL database, PHP integrates nicely.

Random generator is a good idea.



On Jan 16, 2008 3:28 PM, Jonathan Askew JBASKEW <JBASKEW@xxxxxxxx> wrote:

First of all, I have very limited experience with web development and
programming. That being said, I have been tasked with creating a secure
login form. What I need to accomplish is the following:

1. The user registers their user name and password, and then provides an
access code to prove they have bought the product and should have access to
the site.
2. The user then enters their username/password into the form in order to
login.
3. Upon returning to the site, the username and password should be
remembered and the user should not have to enter these again.

I have been looking at various ways to create the login form (PHP,
JavaScript, etc.) but I am concerned about the security provided. For
example, the simple examples of JavaScript logins expose the password by
looking at the page source. Since I am new to web development, I do not
feel confident enough to create my own form. Each user needs to have their
own unique username/pass combo as well. Can anyone suggest some examples or
point me to a resource to get me started?

Also, this site has not been built yet and this is the first thing they
want done. I need some ideas for generating the access code and then
keeping track of which code has been assigned to which user. I was thinking
of using a random number generator to assign the codes. I am assuming this
will also mean that I need a secure way of checking the database for the
code and returning the data? Should https be implemented here?

Thanks in advance for any advice offered. Being new to these technologies,
I thought I should run everything by those more seasoned.

Blake
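
An added example, not part of the original thread: one way to issue the access codes discussed above from a cryptographic random source, store only their hashes, and bind each code to exactly one user at registration. Table and function names are hypothetical, and an in-memory SQLite database stands in for MySQL so the script runs offline.

```php
<?php
declare(strict_types=1);
// Added example: names are hypothetical; in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, pw_hash TEXT)');
$db->exec('CREATE TABLE access_codes (code_hash TEXT PRIMARY KEY, user_id INTEGER)');

// Issue a code from the OS CSPRNG (not rand()/mt_rand()) and store only its hash.
function issueCode(PDO $db): string {
    $code = strtoupper(bin2hex(random_bytes(10)));   // 80 random bits, 20 hex chars
    $db->prepare('INSERT INTO access_codes (code_hash, user_id) VALUES (?, NULL)')
       ->execute([hash('sha256', $code)]);           // fast hash is fine for a random code
    return $code;                                    // shipped with the product
}

// Create the user and claim the code in one transaction.
function register(PDO $db, string $user, string $pass, string $code): bool {
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO users (username, pw_hash) VALUES (?, ?)')
           ->execute([$user, password_hash($pass, PASSWORD_DEFAULT)]);
        $uid = (int) $db->lastInsertId();
        // "user_id IS NULL" makes the claim atomic: a code can be bound only once.
        $claim = $db->prepare(
            'UPDATE access_codes SET user_id = ? WHERE code_hash = ? AND user_id IS NULL');
        $claim->execute([$uid, hash('sha256', strtoupper(trim($code)))]);
        if ($claim->rowCount() !== 1) { $db->rollBack(); return false; }
        $db->commit();
        return true;
    } catch (PDOException $e) {
        $db->rollBack();                             // e.g. duplicate username
        return false;
    }
}

// Check a login against the stored salted password hash.
function login(PDO $db, string $user, string $pass): bool {
    $q = $db->prepare('SELECT pw_hash FROM users WHERE username = ?');
    $q->execute([$user]);
    $hash = $q->fetchColumn();
    return is_string($hash) && password_verify($pass, $hash);
}

// Constructed sample data: first use succeeds, reuse of the same code is refused.
$code = issueCode($db);
$ok = register($db, 'alice', 'constructed-sample-pw', $code)
   && !register($db, 'bob', 'another-sample-pw', $code)
   && login($db, 'alice', 'constructed-sample-pw');
echo $ok ? "all checks passed\n" : "check failed\n";
```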




