PerlMonks  

Re: How to make a secure website

by Jeppe (Monk)
on Jul 08, 2004 at 12:24 UTC (#372765)


in reply to How to make a secure website

You should take a look at Apache::Session. It might be what you're looking for.

Seriously, store only a session id in the cookie. Don't store a cleartext user id, and make sure you somehow make it impossible to calculate a valid session id. That is, the session id must be a large number - too large to be brute-forced. The distribution of the algorithm that produces the session id must be flat.

And - of course - make sure the login is performed over an HTTPS connection.

Other than that, make sure you properly process anything the users submit through forms or URL tampering.
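
The session handling described in the post above, as an added example that is not part of the original post and not Apache::Session's own code. It assumes a Unix-like `/dev/urandom`; the in-memory `%SESSIONS` store, the cookie name `sid` and all helper names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical in-memory store; a real site keeps this server-side in a
# database or behind a module such as Apache::Session.
my %SESSIONS;

# Return $n bytes from the kernel CSPRNG (assumes /dev/urandom exists).
sub random_bytes {
    my ($n) = @_;
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $buf = '';
    my $got = read($fh, $buf, $n);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == $n;
    return $buf;
}

# 16 random bytes = 128 bits, hex-encoded to 32 characters. Every value is
# equally likely, and the id is not derived from the user id or the clock.
sub new_session_id { return unpack('H*', random_bytes(16)) }

# Create the server-side record; only the opaque id goes to the browser.
sub create_session {
    my ($user_id) = @_;
    my $sid = new_session_id();
    $SESSIONS{$sid} = { user_id => $user_id, created => time };
    return $sid;
}

# Secure: sent over HTTPS only. HttpOnly: not readable from page scripts.
sub cookie_header {
    my ($sid) = @_;
    return "Set-Cookie: sid=$sid; Path=/; Secure; HttpOnly";
}

# Look up a presented cookie value; reject anything not shaped like an id.
sub lookup_session {
    my ($sid) = @_;
    return unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    return $SESSIONS{$sid};
}

my $sid = create_session(42);    # constructed sample user id
print cookie_header($sid), "\n";
print "valid id   -> user ", lookup_session($sid)->{user_id}, "\n";
print "guessed id -> ", (lookup_session('0' x 32) ? "accepted" : "rejected"), "\n";
print "tampered   -> ", (lookup_session('42') ? "accepted" : "rejected"), "\n";
```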
