Re: Is this use of crypt() appropriate?
by Nomis52 (Friar) on Nov 08, 2001 at 18:16 UTC
I'm doing a similar thing but using a session id. On successful login a session id is created using the following:

    User name
    HTTP User Agent
    IP address <- can change, particularly with AOL users and proxy servers
    Day-of-the-year
    and a "secret" constant string

This is fed to MD5, which computes the checksum of it and stores it in a cookie along with the user's name. Every time a script is requested, the session id is checked by re-creating the session id and comparing it to the one in the cookie. For someone to fake a session id they need all of the above information, including the "secret" string and what order I joined them together.

The logout is simple: just delete the session id from the cookie. More secure IMOHO than sending any form of the password over the net to store in a cookie. (Remembering it was sent once when the user logged on, but for that you should use SSL.)

I found this site very useful when putting this together.
Good luck
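
The session-id check described in the post above, as an added example that is not part of the original post or Nomis52's code. The "|" separator, the field order, the sample request values and the secret are assumptions; session_id_hmac is a swapped-in keyed HMAC-SHA256 variant shown beside the MD5 form the post describes.

```perl
#!/usr/bin/perl
# Added example: session id built from the fields the post lists.
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256_hex);

# Assumption: placeholder secret; a real one is long, random and kept out of the source.
my $SECRET = 'constructed-example-secret';

# Scheme as described in the post: MD5 over the joined fields plus the secret.
# The "|" separator and the field order are assumptions; the post does not give them.
sub session_id_md5 {
    my ($user, $agent, $ip, $yday) = @_;
    return md5_hex(join '|', $user, $agent, $ip, $yday, $SECRET);
}

# Swapped-in variant (not from the post): keyed HMAC-SHA256 over length-prefixed
# fields, so ("ab","c") and ("a","bc") can never serialise to the same input.
sub session_id_hmac {
    my @fields = @_;
    my $msg = join '', map { length($_) . ':' . $_ } @fields;
    return hmac_sha256_hex($msg, $SECRET);
}

# Compare two hex digests without stopping at the first differing character.
sub same_digest {
    my ($x, $y) = @_;
    return 0 unless defined $x && defined $y && length($x) == length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1)) for 0 .. length($x) - 1;
    return $diff == 0;
}

# Re-create the id from the current request and check it against the cookie value.
sub check_session {
    my ($cookie_id, @request) = @_;
    return same_digest($cookie_id, session_id_hmac(@request));
}

# Constructed sample request data: user, user agent, IP, day of year.
my @login  = ('alice', 'Mozilla/4.0 (compatible)', '192.0.2.10', (localtime)[7]);
my $cookie = session_id_hmac(@login);
print 'md5 form:    ', session_id_md5(@login), "\n";
print 'same client: ', (check_session($cookie, @login) ? 'accepted' : 'rejected'), "\n";
my @moved = @login; $moved[2] = '192.0.2.99';    # proxy hands out another address
print 'new IP:      ', (check_session($cookie, @moved) ? 'accepted' : 'rejected'), "\n";
my @next_day = @login; $next_day[3] = ($login[3] + 1) % 366;
print 'next day:    ', (check_session($cookie, @next_day) ? 'accepted' : 'rejected'), "\n";
```

The last two lines print "rejected": a changed IP address or a day rollover both invalidate the cookie, which is the behaviour the post notes for AOL and proxy users.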