How secure is this?

Sheepoholics

Sheepoholics

New Member
Messages
266
Reaction score
0
Points
0
So basically I'm working with security in php and am right now testing some very basic stuff. I'm wondering if you (with a little hacking knowledge) be able to successfully get into a file. So basically this is what I have set up right now.

An Html form like so
Code: 
<form action="phpfile1.php" method="post">
 <p><input type="text" name="post" /></p>
 <p><input type="submit" /></p>
</form>
which connects to a php file that looks something like this.

PHP: 
<?

if ($name ==  seceretpassword)
{
echo "Password Correct";
} else {
echo 'Wrong Password';
}
?>
Doing a security system like this seems to be farliy secure because when you view the source phpfile1.php
all you see is the raw output of either
"Password Correct"
or
"Wrong Password"
even when you go to the page directly it will still display
"Wrong Password"
Are there any holes in this?

http://www.sheepoholics.x10hosting.com/phpstuff/stuuf.html
is a test of it if you wanna look. (the password is not the same)
 
Bryon

Bryon

I Fix Things
Messages
8,149
Reaction score
101
Points
48
Having a password stored in the actual file is one of the safest ways to keep it secure. With no database, basically the only way to find out what the password is would be to view the file's contents.

The only problem I would see here would probably be with register globals. If you placed the password into a variable, and they checked the user-supplied password against that variable, the real password could possibly be 'over-written' with whatever the person supplied.

Just a simple:

PHP: 
if ($_POST['inputName'] == 'actualPassword'])

Is probably the most secure way to accomplish this, and I believe that is what your doing.

So basically, your pretty secure and don't have to worry about someone gaining un-authorized access to whatever your password protecting; unless they view the file.

-Bryon
 
Cynical

Cynical

Active Member
Messages
3,492
Reaction score
0
Points
36
Bryon said:
So basically, your pretty secure and don't have to worry about someone gaining un-authorized access to whatever your password protecting; unless they view the file.
Click to expand...
To avoid people from seeing the password if they view the file, store it in a PHP document ("<?PHP $pw='abcdefg'; ?>"). If they view it then it will just be a blank page :) .
 
You must log in or register to reply here.
Top