<?php
$post = $_POST["post"];
$pass = "1234";
if ($post == $pass) {
echo "Success!";
}else{
echo "Failed.";
}
?>
I know all about preparing statements and hashing etc. I always have security in mind, but I was thinking to myself one day, how would someone actually break into something like this? I understand you can SQL inject something database driven, but this of course is not database driven.
But I was wondering how someone could actually break into this really simple login without just bruteforcing it?
Is there any kind of attack that could be done here to get into this login without any bruteforcing? Or would it be impossible otherwise.
Note:
I am of course excluding things such as putting a virus on the server, I mean within reason can a user with advanced technical knowledge somehow break into this?
See timing attack.
With PHP always use the password_verify() function or another timing attack safe string comparer such as hash_equals().