View Full Version : Login System Advice

11 Aug 2009, 1:42 AM

I found on this thread http://extjs.com/forum/showthread.php?t=67346&highlight=login a nice login plugin... but i need advice to implement this safe for my application.

Of course i need an AJAX request to connect with the database and to check of the input is correct. What kind of security measures must i take to make the login system really safe?

13 Aug 2009, 12:22 AM
No one?:s

13 Aug 2009, 12:34 AM
I don't know anything about the plugin you reference, but general security practices should be:

The server should prevent SQL Injection.
The server should not send plain text passwords or other insecure data back to the client.
The server should validate all data even if it was validated with JavaScript.
The server could also provide additional methods such as:
Requiring Captcha type data to help ensure that a human completed the form.
Using an additional handshake key or hash that is stored in session for cross validation.
Locking a user id after X number of invalid attempts during X time period.

How you actually implement these things depends on the backend that you are using.