So I'm building my first website that requires access to an admin login portal and a simple MySQL database . I would like to ask if it is a terrible idea to use an acceptable / unacceptable system that was originally created in my DB to verify admin login.
Make me clear,
There may be some errors in the code, but I have written it here, consider this phony code. I want to know why this is worse and the fact is that if it feels dirty then it feels dirty. Yes, I know that I need to encrypt the username and password for the transfer.
Uh, yes, this is a terrible idea. Here's why:
If you log in user with an existing MySQL user, then you have a lot of security problems. Besides you a new mysql user for a new mysql user who you want to add to your web application. You also need to consider the risk of mysql injection. ()
You better prepare a database for your application and create a user table In this user table, you can define your username and password. In addition you can define a user type. For example, general users and administrators, where only admins can log into your administrator portal.
I recommend using a php structure for your application. This makes working a lot easier and your code is much safer.
No comments:
Post a Comment