ruben1405241511
Posted December 14, 2005

Hi,

I started to design a vocable trainer and was presented with the difficulty of password-protecting my users' data for the first time.

My situation is the following: the data that I intend to protect is vocabulary, so, if people are not misusing it as a datashack, it won't contain confidential data. So the risk is not really that people have to be worried about hackers reading their darkest secrets. I just want to protect the information from the average script kiddie and people who want to harm the service by fooling with user data.

On the other hand, I want to place Google ads on my site, which makes it inept to use Sessions etc.

At the moment I am using a script that md5s the password, checks with the database (first if the (clear-text) user name is existent and then if the md5-keys for the password match) and then puts out a URL-String with the name and the password information. The String is read by each page and checked for correctness, of course.

So as a matter of fact, the md5-string and the user name are transferred clearly over the URL (GET-method/links) and also appear in the history etc. A bit like sessions, except that it does not expire.

Well, I know that this is a crappy and inferior protection, but as you see I am not protecting the X-files here.

Do you think that this is enough to keep script kids and potential haters at bay, or can you suggest some methods to enhance my protection? I can post the code of course, but since it is so simple you can probably figure out what it looks like. I don't have a special brute-force protection.

Thanks a lot for help,
Ruben
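
An added example, not part of the original post: one way to carry login state in links without putting the password's MD5 in the URL is an expiring token signed with a server-side key. `SERVER_KEY`, `TTL_SECONDS` and the function names are assumptions, and Python is used because the post names no language.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: random server-side secret, never placed in a URL (constructed value).
SERVER_KEY = b"constructed-demo-key-use-32-random-bytes"
TTL_SECONDS = 30 * 60  # assumed lifetime of a login link


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _sign(user_b64: str, expires: int) -> str:
    msg = f"{user_b64}.{expires}".encode("ascii")
    return _b64(hmac.new(SERVER_KEY, msg, hashlib.sha256).digest())


def issue_token(user: str, now: Optional[int] = None) -> str:
    """Call once, after the password check succeeded; put the result in links."""
    now = int(time.time()) if now is None else now
    user_b64 = _b64(user.encode("utf-8"))
    expires = now + TTL_SECONDS
    return f"{user_b64}.{expires}.{_sign(user_b64, expires)}"


def verify_token(token: str, now: Optional[int] = None) -> Optional[str]:
    """Return the user name for a valid, unexpired token, else None."""
    now = int(time.time()) if now is None else now
    parts = token.split(".")
    if not token.isascii() or len(parts) != 3:
        return None
    user_b64, expires_s, sig = parts
    if not expires_s.isdigit() or len(expires_s) > 12:
        return None
    # Constant-time comparison, done before any field is trusted.
    if not hmac.compare_digest(sig, _sign(user_b64, int(expires_s))):
        return None
    if now >= int(expires_s):
        return None  # unlike the MD5 in the URL, an old link stops working
    padded = user_b64 + "=" * (-len(user_b64) % 4)
    return base64.urlsafe_b64decode(padded).decode("utf-8")
```

Because the token carries no password material, a link that leaks through the browser history or a Referer header is only usable until it expires.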