PerlMonks  

Re: Some questions about CGI::Session

by sundialsvc4 (Abbot)
on Jun 01, 2011 at 12:57 UTC ( [id://907623]=note )


in reply to Some questions about CGI::Session

When used in this capacity, a filesystem basically is a database, and it actually is one that’s pretty darned well suited to the purpose at hand. If you subdivide the data into sub-directories according to some rule, you can store millions of records easily. Issues relating to file-sharing, e.g. as might be the case with SQLite, simply disappear.

Banning a user is a slightly different issue, o’course. Usually that is handled during the login process. If what you are actually concerned with is “session flooding,” in which a malicious site floods yours with bogus session-id tokens in order to fill up your session store, the simplest way to deal with that is by “salting” all valid session-ids with a portion that is computed by an (unknown to the attacker) SHA1 hash-substring. This makes it more difficult to generate “millions of valid session tokens.”
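
One way to implement the check described in the post above, as an added example that is not part of the original post or of CGI::Session: each issued id carries a truncated HMAC-SHA1 tag, and an id whose tag does not verify is rejected before the session store is touched. The secret value, the tag length, the function names and the use of `/dev/urandom` are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha1_hex);

# Constructed placeholder secret (assumption); in a deployment, load it
# from server-side configuration that clients can never read.
my $SECRET  = 'constructed-example-secret-change-me';
my $TAG_LEN = 16;    # hex characters of the HMAC-SHA1 kept as the tag

# Return a new session id: 32 random hex chars followed by a keyed tag.
sub new_session_id {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    read($fh, my $raw, 16) == 16 or die "short read from urandom";
    close($fh);
    my $rand = unpack('H*', $raw);
    return $rand . substr(hmac_sha1_hex($rand, $SECRET), 0, $TAG_LEN);
}

# True only if the id has the expected shape and its tag verifies.
# Call this before any filesystem or database lookup for the session.
sub is_wellformed_session_id {
    my ($sid) = @_;
    return 0 unless defined $sid
        && $sid =~ /\A([0-9a-f]{32})([0-9a-f]{$TAG_LEN})\z/;
    my ($rand, $tag) = ($1, $2);
    my $expect = substr(hmac_sha1_hex($rand, $SECRET), 0, $TAG_LEN);
    # Compare every character so timing does not reveal a matching prefix.
    my $diff = 0;
    $diff |= ord(substr($tag, $_, 1)) ^ ord(substr($expect, $_, 1))
        for 0 .. $TAG_LEN - 1;
    return $diff == 0 ? 1 : 0;
}

# Constructed sample input: one id issued here, one forged id.
my $good   = new_session_id();
my $forged = ('ab' x 16) . ('0' x $TAG_LEN);
for my $sid ($good, $forged) {
    printf "%s -> %s\n", $sid,
        is_wellformed_session_id($sid)
        ? 'look up in session store'
        : 'reject, no store access';
}
```

A forged id costs the server one HMAC computation and never creates or reads a session file, so bogus tokens cannot fill the store.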
