Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 4 years ago.
Improve this question
What is the best & most secure way you've handled sessions in a PHP application? I want to know the best, most robust and secure method there is. :)
Your session data will be pretty safe. If you want to make it even safer, encrypt it. Beyond that, you'll have to be more explicit about what you desire.
That would depend on your environment. If your using a shared host, it maybe possible for others customers hosted on the same box to access you session data. If that's the case, it might be safer to store it in a database. But every server is different. Can you elaborate on your setup, and what your trying to protect against?
Related
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I have been building an application, in my spare time, for a while now and have been thinking about how to protect my product from piracy (it will be something that the customers will have on their server).
I have been checking out the various encryption products around and they seem to be do the trick.
But, I how much will it slow down my site?
It is currently not possible to let encrypted general programs run on customer machines (see On the (Im)possibility of Obfuscating Programs by Barak, Goldreich, Impagliazzo and Rudich).
What you probably mean is code obfuscation which is not encryption in any way. Most likely there is no performance hit when you use them in the same way as JavaScript runs in the same way when minified.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
Can u tell me, can i use database from this server www.serversfree.com for my own website?
I googled but couldn't find anything ..
Thanks all
Yes, if you are allowing in your database to access from outside. If you are behind firewall, you need to set up portforward. But i do not recommend this.
Instead to directly access your database from outside your server, let's write an API, use API key and security tokens to perform actions on your DB.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I don't really like using sql databases. I want to make a login system. Is there any security problem with having a passwords.php file with the passwords in it rather than having them in a database? I figure since php is server side, nobody should be able to access php code in passwords.php but what do I know?
Nope, no problem at all. In fact this is how .htpasswd stores its passwords.
But it makes adding, removing or editing them much, much harder than it needs to be.
Databases are quick, simple, and easy to use. You should probably use one.
So to sum up, if you have a small, unchanging set of users (for instance, you're making something for yourself and your friends only), then a file-based password storage is probably okay (assuming proper encryption and stuff). Otherwise, use a DB.
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
I'm currently using mysql_query() to approach DB.
I understand that this method will be removed in the future so I want to learn a new api.
What in your opinion is the best way and why? PDO or mysqli? or there is another one I haven't heard about?
Thank you.
I'm going to offer what I consider to be the best way to handle database stuff: Build your own class. In my case, this class just wraps mysql_* functions, however if I wanted to it would be really easy to change to a different one (such as if mysql_* gets removed). I only have to change a single file, and instantly the entire project is using a new API.
Believe me, do this right at the start and you will save yourself a LOT of work if and when you decide to change things around!
Closed. This question is opinion-based. It is not currently accepting answers.
Want to improve this question? Update the question so it can be answered with facts and citations by editing this post.
Closed 8 years ago.
Improve this question
To make things short: I'm writing an anonymous forum software with PHP. I just feel like using a database is overkill and restrains my amateur skills. Do you advise against using text files instead of database?
Thanks.
A database has advantages like some sanitation (no breaking of delimiters, newlines etc.) and less danger of access conflicts when multiple instances try to read from the table - and different from a file-based approach, writing conflicts are constrained to the record in question only.
Recommendation: use database
To make things short: Yes. Strong advise against text files.