Alright, so I am developing blog software (well, v3.0 of my software), and one of my main priorities for this version is a much improved security system.
I've already got the basics done. I have hashed passwords, and the admin panel uses PHP and cookies to decide if the user should see certain parts of the admin panel, so it's not hiding things in HTML, it just doesn't show up to begin with. To make it simpler, my security consists of:
- Admin page that shows nothing if user is not logged in
- Registration system with a group (in MySQL) set as subscriber by default (which cannot do anything)
- Registration system that registers with a hashed password
- Login system that, when logged in, will set a cookie with the username of the person who logged in
- Login system that logs in by testing the typed-in password against the hashed password of the username
- Admin page that shows certain options based on group (posts, pages, settings, updates, etc)
My simple question is, will this be sufficient security for this software to be in a public environment? If not, what should I add or fix to make it that way?
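The login, cookie and group checks listed above, as an added example that is not the poster's code: it keeps the logged-in identity in a server-side PHP session, so the cookie carries only a random session ID, and it reads the group from the database on each admin request. Assumptions: a `users` table with `id`, `username`, `password_hash` and `user_group` columns, hashes created with `password_hash()`, and a hypothetical `admin` group name.

```php
<?php
// Added example: hypothetical helpers, not the blog software's own code.
// Assumed schema: users(id, username, password_hash, user_group).

function start_secure_session(): void {
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,   // cookie sent only over HTTPS
        'httponly' => true,   // cookie not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

function login(PDO $db, string $username, string $password): bool {
    // Prepared statement: the typed-in username never becomes part of the SQL text.
    $stmt = $db->prepare('SELECT id, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumes the stored hash came from password_hash().
    if (!$user || !password_verify($password, $user['password_hash'])) {
        return false;
    }
    session_regenerate_id(true);              // issue a fresh session ID at login
    $_SESSION['user_id'] = (int) $user['id']; // kept server-side, not in the cookie
    return true;
}

function current_group(PDO $db): ?string {
    if (!isset($_SESSION['user_id'])) {
        return null;                          // not logged in
    }
    // Look the group up on every request instead of trusting a client value.
    $stmt = $db->prepare('SELECT user_group FROM users WHERE id = ?');
    $stmt->execute([$_SESSION['user_id']]);
    $group = $stmt->fetchColumn();
    return $group === false ? null : (string) $group;
}

function require_group(PDO $db, array $allowed): void {
    $group = current_group($db);
    if ($group === null || !in_array($group, $allowed, true)) {
        http_response_code(403);
        exit('Forbidden');
    }
}
// At the top of an admin page: start_secure_session(); require_group($db, ['admin']);
```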