I am wanting to write login scripts for clients websites to make them more secure. I want to know what best practices I can implement into this. Password protected control panels are in their abundance, but very few seem to implement best practices in terms of code writing, speed and security.
I will be using PHP and a MYSQL database. I used to use pbkdf2 and bcrypt for hashing. I use MVC for design pattern.
Some login scripts log the IP address throughout the session or even the user agent, but I want to avoid that as it isn't compatible with proxy servers.
I am also a little behind the best practice in using sessions in PHP 5 so some best practices with this would be helpful and also an example will be very helpful.
Aucun commentaire:
Enregistrer un commentaire