PerlMonks  

Re: Re: Encrypted Storage of sensible Data in a Cookie

by projekt21 (Friar)
on Oct 22, 2001 at 14:09 UTC


in reply to Re: Encrypted Storage of sensible Data in a Cookie
in thread Encrypted Storage of sensible Data in a Cookie

But then I have to store the password plaintext on the server, right? This is not what I wanted.

But thanks for the hint, I just started reading that book and will hopefully gain some insights.

alex pleiner <alex@zeitform.de>
zeitform Internet Dienste

Replies are listed 'Best First'.
Re: Re: Re: Encrypted Storage of sensible Data in a Cookie
by davis (Vicar) on Oct 22, 2001 at 14:16 UTC
    Almost. You're not storing the users' passwords on the server, but the "secret key".

    Here's some actual (old) code:
        use Digest::MD5 qw(md5_hex);

        # $query, $sessionid and destroy_cookie() come from the rest of the
        # script, which is not shown in this excerpt.
        my $secret_key = "BLAHBLAHBLAH";
        my $session_cookie = $query->cookie('SessionID');
        umask 0066;
        if($session_cookie) {
            my $mac;
            # The cookie value has the form "<sessionid>-<mac>".
            if(($sessionid, $mac) = split("-", $session_cookie)) {
                ###Ok, the user has returned a cookie,
                ###let's make sure it's not been tampered with.
                if($mac ne md5_hex($sessionid . md5_hex($sessionid.$secret_key))) {
                    destroy_cookie($sessionid, "MODIFIED");    ###Ack. Nasty people
                    return;
                } else {
                    ###Other checks.
                }
            }
        }
    This way you're not storing the password, you're just making sure the user doesn't modify the data. A reasonable golden rule is: "NEVER trust the data the user hands you".
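
Added example, not part of the thread and not davis's code: the tamper check from the reply above, written with HMAC-SHA256 from the core Digest::SHA module and a constant-time comparison in place of the nested MD5 and `ne`. The sub names, the key and the session id are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed sample key; a real key is long, random and never leaves the server.
my $SECRET_KEY = 'constructed-sample-key-not-for-production';

# Build the cookie value "<sessionid>-<mac>" (sign_session is a hypothetical name).
sub sign_session {
    my ($sessionid) = @_;
    return $sessionid . '-' . hmac_sha256_hex($sessionid, $SECRET_KEY);
}

# Compare two strings without stopping at the first differing byte.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Return the session id when the MAC verifies, undef otherwise
# (verify_session is a hypothetical name).
sub verify_session {
    my ($cookie) = @_;
    return unless defined $cookie;
    # The MAC is 64 hex characters after the LAST hyphen, so the id itself
    # may contain hyphens without confusing the parser.
    my ($sessionid, $mac) = $cookie =~ /\A(.+)-([0-9a-f]{64})\z/s
        or return;
    my $expected = hmac_sha256_hex($sessionid, $SECRET_KEY);
    return constant_time_eq($mac, $expected) ? $sessionid : undef;
}

# Constructed inputs: a genuine cookie, one with the id edited but the old
# MAC kept, and one with no MAC at all.
my $cookie = sign_session('a1b2c3-42');
(my $forged = $cookie) =~ s/\Aa1b2c3-42/a1b2c3-43/;

printf "genuine:  %s\n", verify_session($cookie)     // 'REJECTED';
printf "tampered: %s\n", verify_session($forged)     // 'REJECTED';
printf "no mac:   %s\n", verify_session('a1b2c3-42') // 'REJECTED';
```

As in the reply, only the secret key is kept on the server; the cookie carries the session id and its MAC, and any edit to the id makes verification fail.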
