I have a login service to my current site, and I was wondering: is there any specific method that you could call MOST Secure?
Let me explain my system a little better:
I currently have a PHP MySQL database with a user table. The username and password are stored as VARCHAR (not the best for passwords that I know).
On the side of the registration form, I regulate the choice of passwords and usernames, only allowing writing aZ 0-9 and limiting the number of characters. On the side of the login form, I stop attacks with mysql_real_escape_string and I use POST for iFrame instead of AJAX.
I feel that I am doing my best to prevent attacks from the Form, but not from the database. I know that you can change the type of password store for encryption when entering the database, but I do not understand how I will then request this encrypted string.
Given what I described, what would you advise in terms of added security and why? What are your chosen methods to prevent hacking and attacks? Can you see any bright security holes in what I described? Perhaps the most important thing that I can do to fix this, given that I have not been involved in web development for a long time and do not have much experience?
(Keep in mind that I am not creating a system for storing confidential or inflammatory data)