Is my webSite Secure?

essellar

No, it's not. And the reason it's not secure is that there is only one password for everybody. If that one password leaks, then the site is essentially wide open -- since every user shares the same password, you can't just change the password when the site is compromised, since that will lock everyone out. It doesn't matter what kind of code you are using to check the password or how "impossible" it is to get into the site without the password; the fact is that every single user of the site is a "secret keeper", so you only need one careless person to bring the whole thing down. (And since you aren't using HTTPS -- and can't on free shared hosting -- the password is transmitted "in the clear", and anyone who uses your site over open Wi-Fi is a leak; openly available tools like Firesheep make getting the password easy.) Every user should have their own password. That way, if one password is compromised, you can change just that password without bringing down the whole site.

Don't get clever. Good security means using something that the "enemy" can know absolutely everything about and still not get in quickly enough to make it worth their while. See this thread in the "Scripts" forum; the basic requirements are pretty thoroughly covered there.
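
The per-user scheme recommended in the post above, as an added illustration that is not part of the post or of the site's own code: each account gets its own salted PBKDF2 hash from the Python standard library, so one leaked password can be replaced without touching any other account. The `UserStore` class, the account names, the passwords and the iteration count are assumptions made for this sketch.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256; tune per host


def _derive(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


class UserStore:
    """Hypothetical in-memory credential store: one salted hash per user."""

    def __init__(self):
        self._users = {}  # username -> (salt, derived_key)

    def set_password(self, username, password):
        # Fresh random salt per user, so equal passwords give different hashes.
        salt = os.urandom(16)
        self._users[username] = (salt, _derive(password, salt))

    def verify(self, username, password):
        record = self._users.get(username)
        # Unknown users still cost one derivation, so timing reveals less.
        salt, key = record if record else (b"\0" * 16, b"")
        candidate = _derive(password, salt)
        # Constant-time comparison; the empty dummy key never matches.
        return record is not None and hmac.compare_digest(candidate, key)

    def revoke(self, username):
        # Lock out one account without affecting anyone else's credential.
        return self._users.pop(username, None) is not None


def demo():
    store = UserStore()
    # Constructed sample accounts and passwords.
    store.set_password("alice", "correct horse battery staple")
    store.set_password("bob", "first bob passphrase")
    # Bob's password leaks: replace only his record.
    store.set_password("bob", "second bob passphrase")
    return {
        "alice_still_ok": store.verify("alice", "correct horse battery staple"),
        "leaked_rejected": store.verify("bob", "first bob passphrase"),
        "bob_new_ok": store.verify("bob", "second bob passphrase"),
    }


if __name__ == "__main__":
    print(demo())
```

Nothing in the scheme is secret except the passwords themselves, and the stored hashes protect them only at rest; the login form still needs HTTPS for the reason given in the post.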
 