I have a general question about server side scripting. A friend and I were talking about a login system we created, he made his in PHP, and I made mine in ASP.
Without getting into the details…
When a user submits a request for a new user account, they must have the “key” ( the key is just a 8 digit number stored in a php include file ). So they fill out a form with information like email, name… and the last field is the key field. If they dont type the correct key, they can’t create an account.
My questions is this: How easy would it be for someone to hijack the key?
It seems pretty unsecure if we are just storing the key in a .php include file.
Thanks for any advice.
