Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change

Re: Perl Cookie Encryption

by esskar (Deacon)
on Apr 08, 2004 at 07:18 UTC ( #343523=note: print w/replies, xml ) Need Help??

in reply to Perl Cookie Encryption

maybe a good idea is to use two usernames and two passwords.
the first username and password pair will be used to encrypt the cookie data (btw. you can't encrypt to whole cookie itself but you can encrypt the data that the gets filled with). This username, passwor pair will never be stored on the client; maybe you can put in a session object on the http-server-side as long as the user is logged in.
then u use Crypt::TripleDES to encrypt and decrypt that data used to access the telnet/ssh server. (you can build a key for encryption like this "$username$password")

but keep in mind, that this is not really secure but probably the highest security level you can get for your problem and still being easy to implement.

Replies are listed 'Best First'.
Re: Re: Perl Cookie Encryption
by JoeJaz (Monk) on Apr 08, 2004 at 07:33 UTC
    Hi. I understand that my situation may be a bit unique. I can only hope that I manage to tighten this script down a bit. It's my first experience with creating cookies. I like your dual password idea. I might just incorporate that into the config file (the admin sets the password to encrypt it with). Also, thanks for turning my eye toward the Crypt::TripleDES module. That will probably be a much nice solution rather than creating my own encryption algorithm. Thanks for your ideas. Take care, Joe

Log In?

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://343523]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others about the Monastery: (4)
As of 2023-03-28 05:49 GMT
Find Nodes?
    Voting Booth?
    Which type of climate do you prefer to live in?

    Results (66 votes). Check out past polls.