
Fractured Realities:
7 Steps to Better Security
Jan 24, 2005 @ 13:29:15

Fractured Realities has a new post from Davey today concerning a few tips that could help keep you and your data just a bit safer in this aggressive online world.

There is a discussion on the phpsec mailing list about "PHP-Based User Authentication Security". After a long heated debate I have come up with my own thoughts on it. The following 7 points are my contribution on how to create the most secure website.

The points he gives include: "do not as for more than X number of login attempts", "repeated security checks. ask for the password often", "session timeouts", "control caching", and "random verification data".

There are a few more listed as well, each making just as valid a point as the last. And, looking at the state of a lot of the pre-packaged PHP applications out there (especially with the scares we've had lately), it makes me wonder how many people really take these kinds of ideas to heart...
