Login System Advice



nicobarten
11 Aug 2009, 1:42 AM
Hi,

I found on this thread http://extjs.com/forum/showthread.php?t=67346&highlight=login a nice login plugin... but I need advice on implementing it safely for my application.

Of course I need an AJAX request to connect to the database and check if the input is correct. What kind of security measures must I take to make the login system really safe?

nicobarten
13 Aug 2009, 12:22 AM
No one?:s

danh2000
13 Aug 2009, 12:34 AM
I don't know anything about the plugin you reference, but general security practices should be:

The server should prevent SQL Injection.
The server should not send plain text passwords or other insecure data back to the client.
The server should validate all data even if it was validated with JavaScript.
The server could also provide additional methods such as:
  Requiring Captcha-type data to help ensure that a human completed the form.
  Using an additional handshake key or hash that is stored in session for cross validation.
  Locking a user id after X number of invalid attempts during X time period.


How you actually implement these things depends on the backend that you are using.
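The server-side half of the advice above (parameterized query against SQL injection, no plain text password stored or returned, validation repeated on the server, lockout after X failures in X minutes), written out as an added example that is not part of this thread or of the ExtJS plugin. It is a plain Python handler for the JSON a login form would POST; the backend (in-memory SQLite), the user "alice", and the lockout numbers (5 failures in 10 minutes) are all assumptions, since the thread leaves X unspecified.

```python
import hashlib
import hmac
import os
import sqlite3
import time

# Assumed lockout policy: the thread says "X attempts in X time", numbers are ours.
MAX_ATTEMPTS = 5
WINDOW_SECONDS = 600
PBKDF2_ITERATIONS = 100_000


def hash_password(password, salt=None):
    """Return (salt, digest) for PBKDF2-SHA256; the plain password is never stored."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return salt, digest


def setup_db():
    """In-memory SQLite with one constructed user; stands in for the real backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    conn.execute("CREATE TABLE failed_logins (username TEXT, at REAL)")
    salt, digest = hash_password("correct horse")  # constructed test credential
    conn.execute("INSERT INTO users VALUES (?, ?, ?)", ("alice", salt, digest))
    conn.commit()
    return conn


def recent_failures(conn, username, now):
    """Count failed attempts for this user inside the lockout window."""
    row = conn.execute(
        "SELECT COUNT(*) FROM failed_logins WHERE username = ? AND at > ?",
        (username, now - WINDOW_SECONDS),
    ).fetchone()
    return row[0]


def login(conn, username, password, now=None):
    """Server-side check of an AJAX login POST. Returns a dict safe to send to the client."""
    now = time.time() if now is None else now
    # Validate on the server regardless of what the JavaScript form already checked.
    if (not isinstance(username, str) or not isinstance(password, str)
            or not 1 <= len(username) <= 64 or len(password) > 1024):
        return {"success": False, "error": "invalid input"}
    if recent_failures(conn, username, now) >= MAX_ATTEMPTS:
        return {"success": False, "error": "account temporarily locked"}
    # Parameterized query: the username is bound as a value, never spliced into the SQL text.
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (username,)
    ).fetchone()
    if row is not None:
        salt, stored = row
        _, candidate = hash_password(password, salt)
        ok = hmac.compare_digest(stored, candidate)  # constant-time comparison
    else:
        # Do the same work for an unknown user so the timing does not reveal valid names.
        hash_password(password, b"\x00" * 16)
        ok = False
    if not ok:
        conn.execute("INSERT INTO failed_logins VALUES (?, ?)", (username, now))
        conn.commit()
        # One message for wrong user and wrong password; nothing about the stored hash leaks.
        return {"success": False, "error": "invalid credentials"}
    conn.execute("DELETE FROM failed_logins WHERE username = ?", (username,))
    conn.commit()
    return {"success": True, "user": username}


if __name__ == "__main__":
    db = setup_db()
    print(login(db, "alice", "correct horse"))
    print(login(db, "alice", "wrong"))
```

The response dict is what the ExtJS form callback would receive; it carries a success flag and a generic error string, never the hash, the salt, or the submitted password. Swap the SQLite calls for your real backend's parameterized API and the policy constants for your own limits.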