I’m doing a very, very simple web app for a friend of mine. He’ll be the only one to access a restricted area, so my question is:

- Is it recommended to use a login with a fixed password in the source code, like this: `if ($user_pass == 'myultrasecretpass')`?
- Is it secure? Is there a way to hack that?

I think there’s no need to store the user and password in a database or something like that.
Please show me your ideas.
It is no less secure to store the password in the source file, provided it is not accessible to others. Otherwise you end up storing the DB password, which would result in the same amount of security. The only way to hack it without any other access to the server is to use a brute-force attack.
However, brute-force attacks are a real-world issue. To guard against them, you need to prevent a single IP from making too many requests too fast (e.g. limit to 5 tries in a minute before timing out and making the user wait for 10 minutes or something). Then the attacker would need a large number of computers with unique IP addresses to perform the attack.
Also, it goes without saying that the password needs to be sufficiently complex.
Make sure to have a username field as well, even if there is only one user. It greatly increases the complexity and makes brute force attacks much less likely.
Note that this assumes the database doesn’t only allow local connections. If you do use a database that only allows local connections, then it is definitely more secure to use it to store sensitive information. In that case, even if the attacker gets the database password they won’t be able to retrieve the information simply by logging in.
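As an added illustration (not code from the question or the answer), here is one way to put the answer's advice together in PHP: the single user's credentials kept in the source file, a username field, and the per-IP throttle of 5 failed tries per minute followed by a 10-minute wait, tracked in a small JSON file so no database is needed. The username, the hash, and the file path are placeholders to replace.

```php
<?php
// Added example: single-user login with credentials in the source file and a
// per-IP throttle (5 failures per minute, then a 10-minute lockout). No database.
declare(strict_types=1);

const ADMIN_USER   = 'friend';                       // placeholder username
// Store the output of password_hash('the-real-password', PASSWORD_DEFAULT), never the password itself.
const ADMIN_HASH   = '$2y$10$PLACEHOLDER_REPLACE_WITH_A_REAL_HASH';
const ATTEMPT_FILE = '/var/tmp/login_attempts.json'; // placeholder; must not be web-readable
const MAX_TRIES    = 5;
const WINDOW_SEC   = 60;
const LOCKOUT_SEC  = 600;

function load_attempts(): array {
    $raw  = @file_get_contents(ATTEMPT_FILE);
    $data = $raw === false ? [] : json_decode($raw, true);
    return is_array($data) ? $data : [];
}

function save_attempts(array $data): void {
    file_put_contents(ATTEMPT_FILE, json_encode($data), LOCK_EX);
}

// Seconds this IP must still wait, or 0 if it may try now.
function lockout_remaining(string $ip, int $now): int {
    $rec = load_attempts()[$ip] ?? ['fails' => [], 'locked_until' => 0];
    return max(0, $rec['locked_until'] - $now);
}

function record_failure(string $ip, int $now): void {
    $all = load_attempts();
    $rec = $all[$ip] ?? ['fails' => [], 'locked_until' => 0];
    // Keep only failures inside the sliding one-minute window, then add this one.
    $rec['fails']   = array_values(array_filter($rec['fails'], fn($t) => $t > $now - WINDOW_SEC));
    $rec['fails'][] = $now;
    if (count($rec['fails']) >= MAX_TRIES) {          // too many: lock this IP out
        $rec['locked_until'] = $now + LOCKOUT_SEC;
        $rec['fails'] = [];
    }
    $all[$ip] = $rec;
    save_attempts($all);
}

function attempt_login(string $user, string $pass, string $ip, int $now): bool {
    if (lockout_remaining($ip, $now) > 0) {
        return false;                                 // locked out: do not even check the password
    }
    // hash_equals() and password_verify() run in constant time, so response timing does not reveal which field was wrong.
    $ok = hash_equals(ADMIN_USER, $user) && password_verify($pass, ADMIN_HASH);
    if ($ok) { $all = load_attempts(); unset($all[$ip]); save_attempts($all); }   // clear history on success
    else     { record_failure($ip, $now); }
    return $ok;
}
```

From the login handler, call `attempt_login($_POST['user'] ?? '', $_POST['pass'] ?? '', $_SERVER['REMOTE_ADDR'], time())` and start the session only when it returns true; if the app sits behind a proxy, use the proxy-supplied client address instead of REMOTE_ADDR or every visitor will share one counter.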