Hi.
I am building a simple session-based user system with php.
To log in users, I take their login and password and then compare the values against values stored in the mysql database. If values match, I register a session and that is it, the user is loged in.

Before rolling it out, I would like to know if these measures are enough securitywise? What else can I do to ensure tight security? The authentication process that I am using is in every PHP book, so I am worrying that hackers must have found a way around this simple step.
I am on a shared host on FreeBSD with Apache, PHP and MYSQL.

Thank you for all your input. I believe this information will be of use to many of us who are making first steps in PHP development.

z01d