
Re: How to make a secure website

by Jeppe (Monk)
on Jul 08, 2004 at 12:24 UTC (#372765)

in reply to How to make a secure website

You should take a look at Apache::Session. It might be what you're looking for.

Seriously, store only a session id in the cookie. Don't store a cleartext user id, and make sure you somehow make it impossible to calculate a valid session id. That is, the session id must be a large number - too large to be brute-forced. The distribution of the algorithm that produces the session id must be flat.

And - of course - make sure the login is performed over an https connection.

Other than that, make sure you properly process anything the users submit through forms or URL tampering.
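A sketch of the advice in the reply above, added here as an example and not part of the original post: the cookie carries only an opaque 128-bit id drawn from the OS random source, and the user id stays in a server-side table. The function names, the `sid` cookie name, the 30-minute lifetime and the in-memory hash standing in for a real store are all assumptions; it assumes a Unix-like host with `/dev/urandom`.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# In-memory store for the demo; a real site keeps this server-side in a
# database or file store (for example via Apache::Session).
my %sessions;    # session id => { user => ..., expires => ... }

# 128 bits from the kernel CSPRNG, hex-encoded: uniformly distributed and
# far too large to enumerate. Assumes /dev/urandom is available.
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read $fh, my $bytes, 16;
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    return unpack 'H*', $bytes;
}

# Called only after the password check has succeeded over https.
sub start_session {
    my ($user) = @_;
    my $sid = new_session_id();
    $sessions{$sid} = { user => $user, expires => time + 1800 };
    # Only the opaque id goes to the browser; Secure keeps it off plain http.
    return "Set-Cookie: sid=$sid; Path=/; Secure; HttpOnly";
}

# Map a Cookie header back to a user; undef if malformed, unknown or expired.
sub user_for_cookie {
    my ($cookie_header) = @_;
    my ($sid) = $cookie_header =~ /(?:^|;\s*)sid=([0-9a-f]{32})(?:;|$)/
        or return;
    my $s = $sessions{$sid} or return;
    if ($s->{expires} < time) { delete $sessions{$sid}; return }
    return $s->{user};
}

my $header = start_session('alice');    # constructed sample user
print "$header\n";
my ($cookie) = $header =~ /^Set-Cookie: ([^;]+)/;
print "valid:  ", user_for_cookie($cookie) // 'rejected', "\n";
print "forged: ", user_for_cookie('sid=' . '0' x 32) // 'rejected', "\n";
```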
