Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:
Hi Monks,
I'm working on a cgi script. Users must log in with a username and password, which my script sends to an LDAP server for authentication.
After the initial login, I want users to be able to go about using the script without having to log in again, e.g., I want to set a cookie. The cookie should contain the username and password of the user, and each time the script is called thereafter the cookie will be retrieved and checked against the LDAP server. But I don't want to set a cookie with the password in clear text, so I need to encrypt it somehow. I can't use a way-one encryption like an MD5 hash as I need to be able to decrypt the password to send to the LDAP server. Any suggestions on how to proceed? Specifically, encryption types and perl modules to use?
I'm working on a cgi script. Users must log in with a username and password, which my script sends to an LDAP server for authentication.
After the initial login, I want users to be able to go about using the script without having to log in again, e.g., I want to set a cookie. The cookie should contain the username and password of the user, and each time the script is called thereafter the cookie will be retrieved and checked against the LDAP server. But I don't want to set a cookie with the password in clear text, so I need to encrypt it somehow. I can't use a way-one encryption like an MD5 hash as I need to be able to decrypt the password to send to the LDAP server. Any suggestions on how to proceed? Specifically, encryption types and perl modules to use?
Back to
Seekers of Perl Wisdom