HamishHamiltonSmith / Secure-login-system-with-PHP-and-mysql

This is a web login system I developed that compares submitted usernames and passwords to database records to see if they are valid
MIT License

Increasing security! #1

Open davidbeechey opened 2 years ago

davidbeechey commented 2 years ago

Hi Hamish! I love your repo! I noticed a few areas where the security of your project could be improved... hopefully you find this interesting/useful:

1. SQL Statements

Your database would currently be vulnerable to an SQL injection attack because you're not using prepared statements.

You can learn about SQL injections here and prepared statements in PHP here.

2. MD5 Hash

The MD5 hash algorithm isn't considered secure anymore (see this and this) so I suggest checking out a hashing algorithm like SHA-256 which is currently one of the most secure.

You should also look into salting your hashes too, which makes your hashes more secure by adding in variation so that your hash of "password" isn't the standard SHA-256 hash. For example, hackers can have extensive lists of common passwords and their hashes, so in the event of a database breach all of the easy passwords will be quickly cracked. You can read about this here.

I'd also like to add that these suggestions are above Advanced Higher Computing level - you're amazing!

Hope this is useful, good luck :)
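The two fixes described in the comment above, as an added PHP example that is not from this repository: a PDO prepared statement binds the username instead of splicing it into the SQL string, and password_hash()/password_verify() apply a random per-user salt with a deliberately slow hash (PHP's built-in salted password hashing, used here in place of a bare SHA-256). The `users` table, its column names and the connection details are assumptions.

```php
<?php
// Added example, not the repository's code. Assumes a MySQL table
//   users(username VARCHAR(64) UNIQUE, password_hash VARCHAR(255))
// and a PDO connection; table, columns and credentials are assumptions.
declare(strict_types=1);

function connect(): PDO {
    $dsn = 'mysql:host=127.0.0.1;dbname=logindb;charset=utf8mb4'; // placeholder DSN
    $pdo = new PDO($dsn, 'app_user', 'app_password');             // placeholder credentials
    // Throw on errors, and turn off emulated prepares so the MySQL server
    // itself keeps the query text separate from the bound values.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    return $pdo;
}

// Store a new user. password_hash() generates a random salt per call and
// uses a slow algorithm (bcrypt for PASSWORD_DEFAULT), so two users who both
// choose "password" get different stored hashes and a precomputed table of
// common-password hashes is useless against the database.
function registerUser(PDO $pdo, string $username, string $password): void {
    $hash = password_hash($password, PASSWORD_DEFAULT);
    $stmt = $pdo->prepare('INSERT INTO users (username, password_hash) VALUES (:u, :h)');
    $stmt->execute([':u' => $username, ':h' => $hash]);
}

// Check a login attempt. The username is passed as a bound parameter, never
// concatenated into the SQL, so a submitted value containing quotes or SQL
// keywords is compared literally as a username and cannot change the query.
function checkLogin(PDO $pdo, string $username, string $password): bool {
    $stmt = $pdo->prepare('SELECT password_hash FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return false; // unknown user
    }
    // password_verify() reads the salt and cost out of the stored hash and
    // compares in constant time; the plaintext password is never stored.
    return password_verify($password, $row['password_hash']);
}

// Usage against a live database:
// $pdo = connect();
// registerUser($pdo, 'hamish', 'correct horse battery staple');
// $ok = checkLogin($pdo, 'hamish', 'correct horse battery staple');
```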

HamishHamiltonSmith commented 2 years ago

Ah thank you! This is very helpful. I will update the repo when I can with your suggestions included.