Home/ Questions/Q 7883415
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T04:31:34+00:00

So Im not really a backend developer, but I need to develop a basic

  • 0

So Im not really a backend developer, but I need to develop a basic password login. The (totally unreasonable) client has specifically said that he only wants a password input. No username or any other information can be passed.Since there aren’t any users, there is only one password which I have coded directly into the script. Looks something like:

$password = $_POST['password']

if ($password == 'mypass') {

do something....

}

Is this vulnerable to some sort of injection hack? Are there any other huge security holes I should be worried about?

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Is this vulnerable to some sort of injection hack?

    No, because you’re not injecting anything into anything else.

    Are there any other huge security holes I should be worried about?

    • It has extremely low entropy, an attacker just automatically trying random passwords should not have too much trouble getting in. You’re probably aware of that.
    • If your server was ever breached and/or the source code revealed, the hardcoded password would be revealed and usable instantly. You could at least salt and hash it to prevent that much.
    • 0