I wanted to create an administration system for the site, I made it so that users have a level field associated with it and if it is a given value they can access the admin control, otherwise if they try they are directed to the index, I do not know if this is an efficient way.
I noticed another system for creating protected directories.
Can you tell me which way is more efficient and if there is any vulnerability in the way I decided to implement it?
There are many practices that can raise the security level of a system. I'll be listing some more common and important ones.
3sSa.e.Minh4$3nH4 . This makes it very difficult to break it.
The practice of expiring the password is very common nowadays, especially in corporate environments. This keeps the environment constantly updated, and it may even be possible to update hashs from security from time to time. For example, by searching the 3sSa.e.Minh4$3nH4 password on the How Secure is my Password site, it shows that for a typical computer breaking this password can take 39 billion years but let's say the hacker has a number of zombie computers, so that number can be reduced considerably, but if you have a security routine that requires passwords to be updated every 6 months, you will extend your security breach time by up to an infinite time.
Usingthe MD5 Decrypt app from Hash Killer site it is possible to break simple hashs, with only numbers or letters, such as 123456 , carlos12 . Therefore it is encouraged to use at least one salt in the password before encrypting it.
I will not be rewriting the theory of relativity, so here is a question and answer about security hashs. .
Using the address meusite.com/admin or admin.meusite.com is very obvious, give preference to alternative names like mspanel (abbreviation for MeuSitePanel) or something like that, a name easy to remember and there are no inbound links, but also that it is not so obvious. Also, if possible, restrict IP access.
If possible, invest in Digital Certificates, but for a built-in system you can generate your own security keys yourself . So here's what's worth more for the type of system.