PerlMonks  

Re: Re: Security

by Hero Zzyzzx (Curate)
on May 23, 2001 at 20:38 UTC


in reply to Re: Security
in thread Security

I agree that cookies aren't the best way to do security. However. . .

If you create your cookies using random data and with a one-way hash like MD5, and then store the cookies you create in a server-side database, then the cookie manufacturing becomes very difficult. You can send your manufactured cookies 'til the blue cows come home, but until one matches what's stored in the database, it's all for naught.

Just my $.02. . .

Update: Copying a cookie is different than manufacturing one. . . See below. . .

Re: Re: Re: Security
by blue_cowdawg (Monsignor) on May 23, 2001 at 21:22 UTC

    If I copy a cookie from someone's browser (small amount of handwaving here on how I get it in the first place) then it doesn't really matter how I encode it unless I am using some sort of Diffie-Hellman pair. I'd still be stealing someone's identity.

    Unless there is some sort of challenge/response happening where the user has to perform some active function such as type in a password, use a smart card, or whatever, using a client-side cookie is just asking for trouble.

    ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Peter L. Berghold --- Peter@Berghold.Net
    "Those who fail to learn from history are condemned to repeat it."
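
The distinction the two posts draw, as an added example that is not part of either post: a server that issues random cookie values and keeps only their digests rejects a manufactured cookie, but accepts a copied one until the session expires or is revoked. SHA-256 stands in for the MD5 mentioned above; the in-memory `%sessions` table, the function names and the `/dev/urandom` source are assumptions of this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

# Constructed in-memory stand-in for the server-side session table.
my %sessions;    # sha256(token) => { user => ..., expires => epoch }

# Read $n bytes from the kernel CSPRNG (assumes a Unix-like /dev/urandom).
sub random_bytes {
    my ($n) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read $fh, my $buf, $n;
    close $fh;
    die "short read from urandom" unless defined $got && $got == $n;
    return $buf;
}

# Issue an opaque cookie value; only its digest is kept server-side,
# so a leaked session table does not hand out usable cookies.
sub issue_cookie {
    my ($user, $ttl) = @_;
    my $token = unpack 'H*', random_bytes(32);
    $sessions{ sha256_hex($token) } = { user => $user, expires => time() + $ttl };
    return $token;
}

# Return the user for a presented cookie, or undef if unknown or expired.
sub check_cookie {
    my ($token) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{64}\z/;
    my $key = sha256_hex($token);
    my $row = $sessions{$key} or return;
    if ($row->{expires} <= time()) { delete $sessions{$key}; return; }
    return $row->{user};
}

# Logout or forced invalidation: drop the server-side record.
sub revoke_cookie { delete $sessions{ sha256_hex($_[0]) } }

my $real   = issue_cookie('alice', 900);
my $forged = unpack 'H*', random_bytes(32);    # well-formed but never issued
my $copied = $real;                            # same bytes as the real cookie

printf "forged cookie -> %s\n", check_cookie($forged) // 'rejected';
printf "copied cookie -> %s\n", check_cookie($copied) // 'rejected';
revoke_cookie($real);
printf "after revoke  -> %s\n", check_cookie($copied) // 'rejected';
```

The server cannot tell the copied value from the original, so short lifetimes and server-side revocation limit the exposure without removing it.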
    
