Snitz Forums 2000
Snitz Forums 2000
Home | Profile | Register | Active Topics | Members | Search | FAQ
Username:
 Password:
Save Password
Forgot your Password?

 All Forums
 Snitz Forums 2000 DEV-Group
 DEV Discussions (General)
 MLev question		  New Topic  Topic Locked
 Printer Friendly
Author Previous Topic Topic Next Topic  

e3stone
Average Member

USA
885 Posts
Posted - 11 October 2002 :  18:48:29  Show Profile  Send e3stone an AOL message
is there a security risk to storing MLev in the cookie along with the username and password? I'm just thinking about ways to store user privileges without having to query the database for each page. The table diagram I have set up for the user privileges would require me to join two more tables (3 total) and I'd like to only have to do that once, rather than each time inc_header runs.

I could encrypt all the privileges just like the password. What are your thoughts on this?
<-- Eric -->

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 11 October 2002 :  18:53:05  Show Profile  Send ruirib a Yahoo! Message
You'd be opening your forum to easy hacking. One thing is to encrypt an highly variable password, other is to encrypt one of three values: 1,2,3. I guess it would be easy to find out the encrypted values and change them to get admin access to the forum.

A database is meant to be queried. I guess that using too many queries can be detrimental, performance wise, but that doesn't mean that you should not use the number of queries you need.

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

e3stone
Average Member

USA
885 Posts
Posted - 11 October 2002 :  19:06:01  Show Profile  Send e3stone an AOL message
Thanks for the quick response, ruirib. I didn't even think about the mLev values not being as variable as passwords....and easier to hack. Forget the cookies idea, then
<-- Eric -->
Go to Top of Page

ruirib
Snitz Forums Admin

Portugal
26364 Posts
Posted - 11 October 2002 :  19:14:37  Show Profile  Send ruirib a Yahoo! Message
No prob, glad I could help .

Snitz 3.4 Readme | Like the support? Support Snitz too
Go to Top of Page

pweighill
Junior Member

United Kingdom
453 Posts
Posted - 11 October 2002 :  20:26:24  Show Profile
quote:
Originally posted by e3stone

is there a security risk to storing MLev in the cookie along with the username and password? I'm just thinking about ways to store user privileges without having to query the database for each page.


You could store it in a session varible.
Go to Top of Page

e3stone
Average Member

USA
885 Posts
Posted - 11 October 2002 :  20:28:38  Show Profile  Send e3stone an AOL message
quote:
Originally posted by pweighill
You could store it in a session varible.


that's another option. I try not to use Session Variables too much, but we seem to be using them more in 3.4
<-- Eric -->
Go to Top of Page

pweighill
Junior Member

United Kingdom
453 Posts
Posted - 11 October 2002 :  20:31:46  Show Profile
It's a toss-up between doing multiple database queries or using session variables.

Depends on the situation though, when deciding which to use.
Go to Top of Page
  Previous Topic Topic Next Topic  
 New Topic  Topic Locked
 Printer Friendly
Jump To:
Snitz Forums 2000 © 2000-2021 Snitz™ Communications Go To Top Of Page
This page was generated in 0.89 seconds. Powered By: Snitz Forums 2000 Version 3.4.07