Posted 18 April 2010 - 08:56 PM
I am nearly finished implementing a web application for a school (I won't go into much detail as it is unnecessary). Also, note that my knowledge of PHP is limited; I studied Java for 4 years and self-learned PHP in my spare time.
Anyway, as I complete the project, I am skeptical of the security of the web application. Sure, the application checks for common security issues like MySQL injection, session hijacking, and brute force attacks. However, since my knowledge is limited in both PHP and the security side of web applications, I have certain doubts about the application's security.
Firstly, I wanted to display the administration log-in panel if the IP of a computer matches an administration account's IP. So basically, only administration could see the log-in panel. This would reduce the temptation of outsiders to breach the application. My question is, does a computer's IP change (unintentionally)? If so, how can I distinguish a computer?
NOTE: New admin. IPs can be added within the admin. control panel (if you're concerned about this approach)
Any other security implementations I should implement?