Am I forgetting about any other security risks involved?

That depends on the value of the assets involved; how much user convenience you are willing to sacrifice to beef up security; how much security effort you want to put in; and what is the likelihood of bad guys desiring to break into your system.

Basically, your system is adequate to prevent access by a medium-energy, casual thief. Unless finance or very private information is involved, that is usually good enough. Besides, you get much less bang (security) for the buck (additional security effort) beyond this point. The only thing I'd add is SSL/HTTPS.

     "There are only two truly infinite things. The universe and stupidity, and I'm not too sure about the universe" - Albert Einstein


In reply to Re: Session Tokens for Log-in by NetWallah
in thread Session Tokens for Log-in by tanger
