- I have a website with SSL, and a database that is only accessible on the server's local network. I have no access to the server's settings.
- The database's password can be found in the site's PHP code, but a .htaccess file disallows browsing in all directories.
- If the user tries to log in, their password is sent to the server and if the password-username combo is found (PHP hashed), a valid_user=true session variable is set.
- Every PHP file checks this variable; if it's not true, they will direct the user to the login page.
Is there any way for hackers to still gain access to the site's services or to access its files? Or are there any other concerns I'm not considering?
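
The login flow described in the question, as an added example that is not part of the original post: a per-page guard that stops execution after the redirect, and a login routine that uses a prepared statement, password_verify() and a fresh session ID. The file name, function names, the /login.php path and the users table layout are assumptions, as is the use of password_hash() to store the hashes.

```php
<?php
// auth.php: added example, not the poster's code. The file name, function
// names, redirect path and table layout are assumptions for illustration.
declare(strict_types=1);

function start_secure_session(): void
{
    // Session cookie only over HTTPS, hidden from JavaScript,
    // and not attached to cross-site subrequests.
    session_set_cookie_params([
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Call at the top of every protected page, after start_secure_session().
function require_login(): void
{
    if (($_SESSION['valid_user'] ?? false) !== true) {
        header('Location: /login.php');
        // header() does not stop the script. Without exit, the rest of the
        // page still executes and its output is sent along with the redirect.
        exit;
    }
}

// $pdo is an open PDO connection. Assumed table: users(username, password_hash),
// with password_hash produced by password_hash().
function attempt_login(PDO $pdo, string $username, string $password): bool
{
    // Prepared statement: the username is bound as data, never spliced into SQL.
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $hash = $stmt->fetchColumn();

    if (!is_string($hash) || !password_verify($password, $hash)) {
        return false;
    }

    // Issue a new session ID at login so an ID set before login cannot be reused.
    session_regenerate_id(true);
    $_SESSION['valid_user'] = true;
    return true;
}
```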