Hello. This is my very first message on a SourceForge project. I specifically created an account so I could comment in this forum. I just used the phpformgenerator online and would like to offer some security suggestions:
The web interface should save the delivery method information to a cookie on the user's system, identifiable by the form number. This way, other visitors to the online site cannot use the information to data mine email addresses or SQL server connection parameters. By moving this information to a cookie, visitors to the site could still benefit from the knowledge/experience of prior visitors without the original coder's access information being compromised in any way.
Alternatively, if the user selects "Database" as the delivery method, you could modify your install.php file to prompt for the database connection parameters (including password) at the time of installation, and not store any of that information online or in cookies.
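
An added sketch of the install-time prompt suggested above (not part of the original post and not phpformgenerator's own code). It assumes a MySQL database reached through PDO, a page served over HTTPS, and hypothetical field names and config path; the settings are entered on the form owner's own server and never reach the generator site or a cookie.

```php
<?php
// Hypothetical install.php: collect DB settings on the form owner's own
// server at install time, so the online generator never stores them.
declare(strict_types=1);

// Assumed location: one level above the web root, so it is never served.
const CONFIG_FILE = __DIR__ . '/../form-db-config.php';
if (is_file(CONFIG_FILE)) { http_response_code(403); exit('Already installed.'); }

function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

$error = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $cfg = [
        'host' => trim((string)($_POST['host'] ?? '')),
        'name' => trim((string)($_POST['name'] ?? '')),
        'user' => trim((string)($_POST['user'] ?? '')),
        'pass' => (string)($_POST['pass'] ?? ''),
    ];
    // Restrict host and database name so nothing can be injected into the DSN.
    if (!preg_match('/^[A-Za-z0-9._-]+$/', $cfg['host']) ||
        !preg_match('/^[A-Za-z0-9_]+$/', $cfg['name'])) {
        $error = 'Invalid host or database name.';
    } else {
        try {
            // Verify the credentials before saving anything.
            new PDO("mysql:host={$cfg['host']};dbname={$cfg['name']};charset=utf8mb4",
                    $cfg['user'], $cfg['pass'],
                    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
            // Create the config file readable by its owner only.
            $old = umask(0077);
            $ok = file_put_contents(CONFIG_FILE,
                '<?php return ' . var_export($cfg, true) . ';', LOCK_EX);
            umask($old);
            if ($ok === false) { throw new RuntimeException('write failed'); }
            exit('Installed. Delete install.php now.');
        } catch (Throwable $e) {
            $error = 'Could not connect or save settings.'; // no driver details shown
        }
    }
}
?>
<form method="post" autocomplete="off">
  <?php if ($error) echo '<p>' . h($error) . '</p>'; ?>
  Host <input name="host"> Database <input name="name">
  User <input name="user"> Password <input name="pass" type="password">
  <button>Install</button>
</form>
```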