Answer the question
In order to leave comments, you need to log in
How secure is my authorization method?
Good afternoon. There is a site, it plans to have only one user (admin), for this I don’t want to create and protect a login-password table in the database.
I think to create a secret link (get-parameter) to the authorization page, which will be only for the admin and there will be a password entry form. The password hash will be hardwired into the PHP code.
The question is: is it possible in some way to detect this link or extract the hash from the php code?
Or can eat any more interesting alternatives of authorization of one user?
Answer the question
In order to leave comments, you need to log in
Well, you can always pull out the PHP code. There would be a desire. A little desire. The question is different - to whom and why it may be needed. Make a list for yourself in your head. megakullhackers with nicknames "batman", "killer killer" and other Black Cloaks can not be taken into account. They don't even know what a hash is, let alone how to use it.
Realistically assess the situation, who and why can try to hack.
After you do this, use the normal security methods - with database encryption, https connection and so on. Also not a panacea, but at least somehow. If the resource is serious and its hacking is fraught with really serious problems, connect a TACACS + server for authentication and authorization, do not forget about https with the latest version of SSL, and maybe even set up a VPN. Those. you connect to the server via VPN, from there you connect to the site with all this https and TACACS.
And never ask such questions again. The maximum paranoia in the field of IT security is one of the professional deformations of a good administrator, allowing him to get good money, and he and his management to sleep peacefully.
Considering that the comparison of the GET parameter with the standard will most certainly not be performed in constant time, you can try to extract the hash by estimating the server response time.
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question