Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re: Two-Way Password Encryption

by hardburn (Abbot)
on May 07, 2003 at 14:19 UTC ( [id://256210]=note: print w/replies, xml ) Need Help??


in reply to Two-Way Password Encryption

Don't put the username/password combo in the cookie, encrypted or not. Instead, on the intial login, get their username/password and do the authentication. Once authenticated, put their username in a database paried with a unique session ID (I usually use Data::UUID for that) and send the session ID in the cookie. On subsequent entries, you check the session ID against your database. Keep another script in a crontab that deletes old session IDs from the database.

There are various authentication modules in the Apache:: namespace, but most of them only work if you're running mod_perl on Apache.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated

Replies are listed 'Best First'.
Re: Re: Two-Way Password Encryption
by Joost (Canon) on May 07, 2003 at 14:54 UTC
    There are various authentication modules in the Apache:: namespace, but most of them only work if you're running mod_perl on Apache.

    However, for the technique you are describing you can use Apache::Session, which is usable for CGI scripts.

    Then you can use Data::UUID for creating the session id. Nice module by the way - hadn't heard of it till now - hardburn++ 

    -- 
Joost       downtime n. The period during which a system
            is error-free and immune from user input.

    [download]
[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://256210]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others imbibing at the Monastery: (12)
As of 2024-04-23 08:12 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found