1 Reply Latest reply on Nov 5, 2010 3:49 PM by Phil_W

    Creating Secure Form that Outputs from a Database?

    janken71 Level 2

      I need to create a form that pulls data from a database (of any format) based on what the user enters.  Specifically, I want a customer to be able to enter their name in a field and output data based on their name.  I was about to use a standard PHP mail form methodology, but I realize this would be insecure (I would like to keep my customer list hidden).  Can someone offer a suggestion on what I should look for in creating a secure form/database output structure for my site?  Even if it's just the name of the method so I can search for a tutorial.  Thank you!

        • 1. Re: Creating Secure Form that Outputs from a Database?
          Phil_W

          Does it matter that anyone could enter the right name in the form to return the customer data? If so you need to use a password.

           

          1. Create a form through which the customer can register their details with a user name and password.

          2. On the server side hash the password with something like SHA256 (plenty of open source implementations about or you can create your own).

          3. Store the customer details together with a userid and hashed password in the server database

          4. Create a form through which the customer can request their details, and asks them for their userid and password.

          6. On the server side, rehash the password from the form and request a row from the customer database where the userid and hashed password match an entry

          7. Return the customer data if row retrieved from database else return a message saying on data matching those details etc.

           

          Regards

           

          Phil