Re: Secure Login Form

---

• From: "Rodrigo Blanco" <rodrigo.blanco.r@xxxxxxxxx>
• Date: Sat, 19 Jan 2008 11:48:49 +0100

---

Hello Jonathan,

just an idea, to go a little further in security than the suggested
SHA-1: SSHA (salted SHA) in order to hash and store your users'
password inside a DB.

You can find some initial reading here: http://www.securitydocs.com/library/3439

Kind regards,
Rodrigo.


On 16/01/2008, Jonathan Askew JBASKEW <JBASKEW@xxxxxxxx> wrote:

First of all, I have very limited experience with web development and
programming. That being said, I have been tasked with creating a secure
login form. What I need to accomplish is the following:

1.the user registers their user name and password, and then provides an
access code to prove they have bought the product and should have access to
the site.
2. The user then enters their username/password into the form in order to
login.
3. Upon returning to the site, the username and password should be
remembered and the user should not have to enter these again.

I have been looking at various ways to create the login from (php,
javascript, etc.) but I am concerned about the security provided. For
example, the simple examples of javascript logins expose the password by
looking at the page source. Since I am a new to web development, I do not
feel confident enough to create my own form. Each user needs to have their
own unique username/pass combo as well. Can anyone suggest some examples or
point me to a resource to get me started?

Also, this site has not been built yet and this is the first thing they
want done. I need some ideas for generating the access code and then
keeping track of which code has been assigned to which user. I was thinking
of using a random number generator to assign the codes. I am assuming this
will also mean that I need a secure way of checking the database for the
code and returning the data? Should https be implemented here?

Thanks in advance for any advice offered. Being new to these technologies,
I thought I should run everything by those more seasoned.

Blake

---

• References:
  • Secure Login Form
    • From: Jonathan Askew JBASKEW

• Prev by Date: RE: Former Employee Email - Exchange
• Next by Date: Re: Secure Login Form
• Previous by thread: RE: Secure Login Form
• Next by thread: Re: Secure Login Form
• Index(es):
  • Date
  • Thread

---

Relevant Pages User Login for Access ... Use built in Access Security. ... downside is now there is a new username/password for the ... Use custom login screen. ... (microsoft.public.access.gettingstarted) RE: How to allow users to change their password? ... be set up to provide the Security dialog window for password changes. ... I'll have to login using their login ... > name/password first. ... See http://www.QBuilt.com for all your database needs. ... (microsoft.public.access.security) Re: Enabling telnet, ftp, pop3 for root... ... Where did I say ANYTHING about not using authentication. ... You're presenting it like direct root login would be a total security ... DON'T have access to the port. ... (alt.os.linux) security bulletins digest ... Login using your IT Resource Center User ID and Password. ... Digest Name: daily security bulletins digest ... HPSBTL0112-006 Security vulnerability in Red Hat Korean Installation ... The information in the following Security Bulletin should be acted ... (Bugtraq) RE: 2K Server locking 98 users out ... >Windows Password. ... domain password but not their Windows password. ... Do you have security ... >successful and failed login attempts? ... (Focus-Microsoft)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)