I need any info how I can implement and maintain secure login in www and how I can protect my secure pages.
Cookie + session control ?
I'm programming a database program that is maintained and used via www. (http) I have mysql database behind all of it and I have followed Mysql and php security quidelines pretty well.
I check passwords/usernames with user that has only select granted to that specific table, nothing else.
Should I crypt passwords in browser, server or database?
Perhaps in all?
But how can I send/receive information from browser so that it is crypted?
How cookie time is measured? (I mean if I set time in server and host clock is something totally different...)
Using PHP4, Mysql ver. and Apache 2.0.35