PerlMonks
Re^3: Hiding cookies from users
by exussum0 (Vicar) on Jul 07, 2006 at 17:58 UTC ( [id://559840]=note )
Whoa, /never/ pass the password, encrypted or otherwise, via the cookie. Create an extremely valid, hard to guess and brute force token, and pass that around. Tie it back to the user.
Passing the user's credentials around is begging for a security issue if it's a public interface.
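
One way to implement the token approach described in the post above, as an added example that is not part of the original post or the poster's own code. The sub names, the in-memory `%SESSIONS` store, the `sid` cookie name, the 30-minute lifetime and the use of `/dev/urandom` (Unix-like hosts) are all assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example: the cookie carries only an opaque token; credentials stay on the server.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my %SESSIONS;         # hypothetical in-memory store; a real app would use a DB table
my $TTL = 30 * 60;    # assumed session lifetime in seconds

# 32 bytes (256 bits) from the kernel CSPRNG, hex-encoded so it is cookie-safe.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $buf = '';
    my $n = read $fh, $buf, 32;
    close $fh;
    die "short read from urandom" unless defined $n && $n == 32;
    return unpack 'H*', $buf;
}

# Call only after the password check has succeeded. The store keeps a hash of
# the token, so a leaked session table cannot be replayed as cookies.
sub create_session {
    my ($user_id) = @_;
    my $token = new_token();
    $SESSIONS{ sha256_hex($token) } = { user => $user_id, expires => time() + $TTL };
    return $token;
}

# Tie a cookie value back to a user; undef if malformed, unknown or expired.
sub user_for_token {
    my ($token) = @_;
    return undef unless defined $token && $token =~ /\A[0-9a-f]{64}\z/;
    my $key = sha256_hex($token);
    my $s = $SESSIONS{$key} or return undef;
    if ($s->{expires} <= time()) { delete $SESSIONS{$key}; return undef; }
    return $s->{user};
}

# Logout: the token becomes useless immediately, unlike a password in a cookie.
sub destroy_session { my ($t) = @_; delete $SESSIONS{ sha256_hex($t) } if defined $t; }

sub cookie_header {
    my ($token) = @_;
    return "Set-Cookie: sid=$token; Path=/; Max-Age=$TTL; HttpOnly; Secure; SameSite=Lax";
}

my $token = create_session('alice');    # constructed user id
print cookie_header($token), "\n";
print "valid:   ", (user_for_token($token)   // 'undef'), "\n";
print "guessed: ", (user_for_token('0' x 64) // 'undef'), "\n";
destroy_session($token);
print "logout:  ", (user_for_token($token)   // 'undef'), "\n";
```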