Re: Re: Re: Encrypted Storage of sensible Data in a Cookie


Just another Perl shrine
	PerlMonks

Re: Re: Re: Encrypted Storage of sensible Data in a Cookie

by davis (Vicar)

on Oct 22, 2001 at 14:16 UTC ( [id://120487]=note: print w/replies, xml )

Need Help??

in reply to Re: Re: Encrypted Storage of sensible Data in a Cookie
in thread Encrypted Storage of sensible Data in a Cookie

Almost. You're not storing the users' passwords on the server, but the "secret key".

Here's some actual (old) code:

        my $secret_key = "BLAHBLAHBLAH";
        my $session_cookie = $query->cookie('SessionID');
        umask 0066;
        if($session_cookie) {
                my $mac;
                if(($sessionid, $mac) = split("-", $session_cookie)) {
                        ###Ok, the user has returned a cookie,
                        ###let's make sure it's not been tampered with
+.
                        if($mac ne md5_hex($sessionid . md5_hex($sessi
+onid.$secret_key))) {
                                destroy_cookie($sessionid, "MODIFIED")
+; ###Ack. Nasty people
                                return;
                        } else {
                ###Other checks.
            }
[download]

This way you're not storing the password, you're just making sure the user doesn't modify the data. A reasonable golden rule is: "NEVER trust the data the user hands you".

Comment on Re: Re: Re: Encrypted Storage of sensible Data in a Cookie Download Code

In Section Cool Uses for Perl

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://120487]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others examining the Monastery: (7)

As of 2024-04-18 17:07 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found