Annulé

PHP Media Site

Here are the numerous problems:

- The only login method is by cookies, many users disable this after

security problems from other sources or simply use browsers incapable

of handling cookies, others cannot login

- The cookie login is very insecure, the only way the user is

identified

is by a user ID stored in a cookie, anyone can view the cookie contents

and edit the user ID and immediately be logged in as another user

without knowing their username or password

- The code is not structured properly, configuration settings are

everywhere, connections to database are not re-used and countless other

problems that affect readability, to an extent where the original

developer lost track of their work

- There are many SQL injection holes, input is not validated when used

in SQL queries so a user can manipulate input fields to contain

commands

that can gain control over a database

- I will have to integrate several classes and re-develop the

membership, database connection and other general components

Compétences : PHP

Voir plus : site develop, php id, php developer site, php components, password problems, media general, structured, sql injection, sql commands, security site, php security, php login, php develop, manipulate , login php, integrate membership, input method, edit site, edit php, developer php, develop site, cookies, can anyone edit, php connection, general developer

Concernant l'employeur :
( 18 commentaires ) camarillo, United States

N° du projet : #51949