Hi all, My site dropshiphelp.co.uk is growing nicely and now has over 550 members. The membership system is just run on a really simple script. Here is the sign-up page: http://dropshiphelp.co.uk/registeraccount.php The information is just inserted straight into the MySQl database. I want to protect the site as much as I can but don't think it has any security at all at the moment! Anyone know how I can protect the whole members area? I thought about pages like the login page being https:// but how much does this cost, and how can you do it? Any other measures I can take? Thanks.
Make sure your members login details are md5 encrypted in database so suppose if someone hacks database he wont be able to read passwords etc for https you need ssl cerificate.. Saad
Check your mysql then members table and if you can see passwords like this killme then it's not encrypted if it's like 1f3870be274f6c49b3e31a0c6728957f then it's encrypted..If it's not encrypted then you will have to modify your script take a look on it http://us3.php.net/md5 Thanks, Saad
MD5 may be cracked now if length < 7 chars. My recommend is MD5+base64 Password=MD5(Base64_encode('REAL_PASSWORD')) It is very strong