  1. #1
    Regular Coder
    Join Date
    Oct 2012
    Location
    mother land --india
    Posts
    165
    Thanks
    38
    Thanked 2 Times in 2 Posts

    Login enable using IP check

    Hi friends,

    I have successfully created a login script for my webpage, but now I need some help from you guys on security.

    1) I want to enable MD5 for my password.
    2) I want a script which allows a person to log in from specific, if he is using out of range from the specific he should be rejected.

    So please help me get this done..... Also suggest whether cookie & session ID generation is a good thing???


    Regards,

    Nani

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    1. md5 is insecure. It has a high percentage of conflict. Use hash with sha256 at minimum instead.
    2. Look into writing a CIDR calculator for this. CIDR will let you handle ranges and subnets for ip addresses and respond accordingly.


    As for cookies and sessions, sessions are fine for security so long as the sessionid isn't compromised. Cookies are useless for anything more than basic preference settings.

  • #3
    Regular Coder
    Join Date
    Oct 2012
    Location
    mother land --india
    Posts
    165
    Thanks
    38
    Thanked 2 Times in 2 Posts
    Quote: Originally posted by Fou-Lu
    1. md5 is insecure. It has a high percentage of conflict. Use hash with sha256 at minimum instead.
    2. Look into writing a CIDR calculator for this. CIDR will let you handle ranges and subnets for ip addresses and respond accordingly.


    As for cookies and sessions, sessions are fine for security so long as the sessionid isn't compromised. Cookies are useless for anything more than basic preference settings.
    Hi Fou-Lu,

    I have another basic idea: as this application will be run in my own company, I want to arrange access for the user who is specifically available in the IP range specified in the DB....

    so any suggestions around this ??

    Regards,
    Nani

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    If I understand your question properly, that is what CIDR could be used for.
    You give a CIDR an IP and a subnetmask or CIDR netmask/mask bits, then you ask it if a provided IP is considered valid within that block. This works perfectly for office domains.

    I believe CIDR is directly implemented into Apache as well, so you can also use allow/deny overrides and CIDR notation.
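
The CIDR check described in the post above, as an added example that is not part of the original thread. It assumes Python (the thread names no language); the function names and the allow-list entries are constructed for illustration, and the address passed in is assumed to be the TCP peer address reported by the web server, not a value taken from a client-supplied header.

```python
import ipaddress  # used only to parse address text into an integer

# Constructed sample allow-list, standing in for the ranges stored in the DB.
ALLOWED_BLOCKS = ["10.20.0.0/16", "192.168.5.64/26", "2001:db8:42::/48"]


def parse_block(cidr):
    """Turn 'address/prefix' into (ip_version, network_int, mask_int)."""
    addr_text, _, prefix_text = cidr.partition("/")
    addr = ipaddress.ip_address(addr_text)
    bits = addr.max_prefixlen                     # 32 for IPv4, 128 for IPv6
    prefix = int(prefix_text) if prefix_text else bits
    if not 0 <= prefix <= bits:
        raise ValueError(f"bad prefix length in {cidr!r}")
    # The mask has `prefix` one-bits followed by zero-bits.
    mask = ((1 << prefix) - 1) << (bits - prefix)
    # Masking the address clears any host bits, so 192.168.5.70/26 is
    # normalised to the network 192.168.5.64.
    return addr.version, int(addr) & mask, mask


def ip_in_block(ip_text, cidr):
    """True if ip_text lies inside the CIDR block; False on unparseable input."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False                              # fail closed
    # A dual-stack listener may report IPv4 clients as ::ffff:a.b.c.d.
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped
    version, network, mask = parse_block(cidr)
    return ip.version == version and (int(ip) & mask) == network


def login_allowed(remote_addr, blocks=ALLOWED_BLOCKS):
    """Reject the login attempt unless remote_addr is in an allowed block."""
    return any(ip_in_block(remote_addr, block) for block in blocks)


if __name__ == "__main__":
    for candidate in ["10.20.200.7", "192.168.5.128", "::ffff:10.20.1.1"]:
        print(candidate, login_allowed(candidate))
```
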

  • #5
    Regular Coder
    Join Date
    Oct 2012
    Location
    mother land --india
    Posts
    165
    Thanks
    38
    Thanked 2 Times in 2 Posts
    Quote: Originally posted by Fou-Lu
    If I understand your question properly, that is what CIDR could be used for.
    You give a CIDR an IP and a subnetmask or CIDR netmask/mask bits, then you ask it if a provided IP is considered valid within that block. This works perfectly for office domains.

    I believe CIDR is directly implemented into Apache as well, so you can also use allow/deny overrides and CIDR notation.
    Sure, will work on it and post my updates here....

