Re: Untainting cookies


laziness, impatience, and hubris
	PerlMonks

Re: Untainting cookies

by merlyn (Sage)

on Apr 11, 2001 at 06:08 UTC ( [id://71578]=note: print w/replies, xml )

Need Help??

in reply to Untainting cookies

Are you so concerned about the size that you can't use hex instead of base64? Hex works fine, and has very safe characters which can be interpolated everywhere.

Here's what Apache::Session used the last time I looked:

require MD5;
my $session = MD5->hexhash(MD5->hexhash(time.{}.rand().$$));
[download]

-- Randal L. Schwartz, Perl hacker

Comment on Re: Untainting cookies Download Code

Replies are listed 'Best First'.
Re: Re: Untainting cookies by MeowChow (Vicar) on Apr 11, 2001 at 20:18 UTC
How about just `tr`'ing the initial Base64 ID like so: `$id =~ tr\|+/=\|___\|; # or $id =~ tr\|+/=\|000\|;` [download] You would lose just a few bits of randomness (acceptable in this application), but would be left with a shorter ID that's an easy match with a /\w/. MeowChow s aamecha.s a..a\u$&owag.print	[reply] [d/l] [select]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://71578]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others rifling through the Monastery: (4)

As of 2024-04-25 16:35 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found