Re: [PBML] Encryption and Cookies

  • Octavian Rasnita
    Message 1 of 3 , Apr 30, 2003
      A better idea would be to associate a random string with the data you want
      to send in the cookie, and store that random string in a text file, or
      better... in a database.

      This way the data will remain only on the server, and only a random string
      associated with the data will travel from page to page.
      That random string can be made to be valid only for a period of time, and
      accepted only from the IP of the client computer that generated it.

      Teddy,
      Teddy's Center: http://teddy.fcc.ro/
      Email: orasnita@...

      ----- Original Message -----
      From: "Hudson T Clark" <dark_archon1@...>
      To: <perl-beginner@yahoogroups.com>
      Cc: <perl@yahoogroups.com>
      Sent: Wednesday, April 30, 2003 10:16 AM
      Subject: [PBML] Encryption and Cookies


      Would it be a good security scheme to encrypt the string I set on the
      user's computer in a cookie? I could also use the password they have for
      doing it so that it could be a little more safe probably? I got the idea
      from just looking at some cookies I got from the internet, this one
      looked like it was all in hex or something???
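
The scheme described in the message above, as an added Perl example that is not part of the original thread: the data stays in a server-side store and the cookie carries only a random token that expires and is checked against the client IP. The in-memory hash standing in for the database, the 30-minute lifetime, the function names and the sample values are assumptions.

```perl
use strict;
use warnings;

my %SESSIONS;          # stand-in for the text file or database (assumption)
my $TTL = 30 * 60;     # token lifetime in seconds (assumed value)

# Read 16 bytes from the OS random source (assumes a Unix-like system with
# /dev/urandom) and return them as 32 hex digits.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "no random source: $!";
    my $got = read($fh, my $bytes, 16);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    return unpack 'H*', $bytes;
}

# Keep the data on the server; only the returned token goes into the cookie.
sub create_session {
    my ($data, $ip, $now) = @_;
    my $token = new_token();
    $SESSIONS{$token} = { data => $data, ip => $ip, expires => $now + $TTL };
    return $token;
}

# Return the stored data, or nothing if the token is malformed, unknown,
# expired, or presented from a different IP than the one that created it.
sub lookup_session {
    my ($token, $ip, $now) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    my $s = $SESSIONS{$token} or return;
    if ($now >= $s->{expires}) {
        delete $SESSIONS{$token};      # expired tokens are removed
        return;
    }
    return unless $s->{ip} eq $ip;
    return $s->{data};
}

# Constructed sample values: documentation IP ranges and a made-up user.
my $t0    = time;
my $token = create_session({ user => 'alice' }, '192.0.2.10', $t0);
print "Set-Cookie: sid=$token; HttpOnly\n";
for my $case (['same IP',  '192.0.2.10',   $t0 + 60],
              ['other IP', '198.51.100.7', $t0 + 60],
              ['expired',  '192.0.2.10',   $t0 + $TTL + 1]) {
    my ($label, $ip, $now) = @$case;
    my $d = lookup_session($token, $ip, $now);
    printf "%-8s => %s\n", $label, $d ? "ok ($d->{user})" : 'rejected';
}
```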


    • Greg
      Message 2 of 3 , May 1 2:47 AM
        Not good to rely on user's IP address as some ISPs rapidly cycle
        through IP addresses every time user clicks on another link.

        The hex coding you have seen in cookies is normal and automatically
        generated by the browser.

        For added security, you could save the user's raw password in the
        cookie, then when you read the cookie, encrypt the retrieved password
        and compare it to the encrypted version in your user database. If you
        use the 'crypt' function, remember to use the same "salt" when
        encrypting the passwords.

        Greg
        www.uksites4all.co.uk
        =================================================================
        --- In perl-beginner@yahoogroups.com, "Octavian Rasnita"
        <teddy2003@h...> wrote:
        > That random string can be made to be valid only for a period of time, and
        > accepted only from the IP of the client computer that generated it.
        > ----- Original Message -----
        > From: "Hudson T Clark" <dark_archon1@j...>
        > Would it be a good security scheme to encrypt the string I set on the
        > users computer in a cookie? I could also use the password they have for
        > doing it so that it could be a little more safe probably? I got the idea
        > from just looking at some cookies I got from the internet, this one
        > looked like it was all in hex or something???
      • Octavian Rasnita
        Message 3 of 3 , May 1 7:46 AM
          It is not a good idea to store the password in the cookie if it is not
          encrypted at all.
          A visitor may see your page from an Internet cafe and that cookie will
          remain saved on that computer and other visitors might see it.
          But if that Internet cafe won't accept cookies on their computers by
          default, those visitors won't even be able to get into your site.

          Teddy,
          Teddy's Center: http://teddy.fcc.ro/
          Email: orasnita@...

          ----- Original Message -----
          From: "Greg" <webmaster@...>
          To: <perl-beginner@yahoogroups.com>
          Sent: Thursday, May 01, 2003 12:47 PM
          Subject: Re: [PBML] Encryption and Cookies


          Not good to rely on user's IP address as some ISPs rapidly cycle
          through IP addresses every time user clicks on another link.

          The hex coding you have seen in cookies is normal and automatically
          generated by the browser.

          For added security, you could save the user's raw password in the
          cookie, then when you read the cookie, encrypt the retrieved password
          and compare it to the encrypted version in your user database. If you
          use the 'crypt' function, remember to use the same "salt" when
          encrypting the passwords.

          Greg
          www.uksites4all.co.uk
          =================================================================
          --- In perl-beginner@yahoogroups.com, "Octavian Rasnita"
          <teddy2003@h...> wrote:
          > That random string can be made to be valid only for a period of time, and
          > accepted only from the IP of the client computer that generated it.
          > ----- Original Message -----
          > From: "Hudson T Clark" <dark_archon1@j...>
          > Would it be a good security scheme to encrypt the string I set on the
          > users computer in a cookie? I could also use the password they have for
          > doing it so that it could be a little more safe probably? I got the idea
          > from just looking at some cookies I got from the internet, this one
          > looked like it was all in hex or something???


