
Using a PHP Token with MySQL

In my PHP Security book, it talks about how you should use a token (which I know contains random numbers, but am not sure if it contains anything else) with things like sessions and cookies to keep your scripts and database secure. I’m confused. Are you supposed to store this token in the database, or generate a new one for each login and/or page?

PHP

3 Comments(s)

@svidgen Dec 06.2008 — There's an example of token usage at the end of this page: http://phpsec.org/projects/guide/2.html ... is this the type of thing your book is referring to?
@Joseph_Witchard (author) Dec 06.2008 — Yeah, that's what I'm talking about. So, I generate a new token with each session?
@svidgen Dec 06.2008 — If I understand it correctly, it's best to generate a new token with each [important] request. I don't use this sort of thing very often. The few places I've used it, I generated a new token for each submission of the particular form.

Bear in mind, this is definitely not a fool-proof protection plan. But, it does add a slight degree of certainty that the form was submitted naturally and by the intended user.
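
The per-form token discussed in this thread, as an added example that is not code from the thread, the book, or the linked guide: a fresh token is issued each time the form is rendered, kept in the session rather than the database, and accepted only once. The function names, the `form_tokens` session key, the `comment` form id and the 15-minute lifetime are assumptions made for illustration.

```php
<?php
// Added example: per-form, single-use token stored in the session.
// All names and the lifetime below are illustrative assumptions.
declare(strict_types=1);

const TOKEN_TTL = 900; // seconds a token stays valid (assumed value)

function issue_form_token(string $formId): string
{
    // random_bytes() draws from the OS CSPRNG; 32 bytes -> 64 hex characters.
    $token = bin2hex(random_bytes(32));
    $_SESSION['form_tokens'][$formId] = ['value' => $token, 'issued' => time()];
    return $token;
}

function check_form_token(string $formId, $submitted): bool
{
    $stored = $_SESSION['form_tokens'][$formId] ?? null;
    // Single use: the stored token is discarded on every attempt, pass or fail.
    unset($_SESSION['form_tokens'][$formId]);
    if ($stored === null || !is_string($submitted)) {
        return false; // nothing issued, or the field was missing or an array
    }
    if (time() - $stored['issued'] > TOKEN_TTL) {
        return false; // form sat open too long
    }
    return hash_equals($stored['value'], $submitted); // constant-time compare
}

session_start();

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!check_form_token('comment', $_POST['token'] ?? null)) {
        http_response_code(400);
        exit('Invalid or expired form token.');
    }
    // Token matched this session's form: process $_POST['message'] here.
    exit('Form accepted.');
}

$token = issue_form_token('comment'); // new token for every rendering of the form
?>
<form method="post">
    <input type="hidden" name="token" value="<?= htmlspecialchars($token, ENT_QUOTES, 'UTF-8') ?>">
    <textarea name="message"></textarea>
    <button type="submit">Send</button>
</form>
```

Because the expected value lives only in the visitor's session, no database column is needed; a resubmitted or replayed form fails the check since its token was already discarded.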