PerlMonks
Re: Perl Cookie Encryption
by ant9000 (Monk) on Apr 08, 2004 at 09:45 UTC
Having the cookie data encrypted does you no good at all, since the cookie itself is exactly the token needed to gain access to the server: if I get your cookie, I have access even without the password in clear. You'd better rely on CGI::Session and build some more security into it, to make cross-site scripting attacks more difficult. An easy way would be saving the remote IP together with browser signature inside the session, and rejecting any request not matching the stored info.

HTH, Ant9000
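The check described in the reply above, as an added example that is not part of the original post and not CGI::Session's own code. A plain hash stands in for the session store; the function names, the key, the session id and the sample requests are all constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Stand-in for the server-side session store (CGI::Session would persist this).
my %SESSIONS;
my $SERVER_KEY = 'constructed-demo-key';   # placeholder; load a real secret from config

# Fingerprint of the client: remote IP plus browser signature (User-Agent).
sub fingerprint {
    my ($env) = @_;
    my $ip = $env->{REMOTE_ADDR}     // '';
    my $ua = $env->{HTTP_USER_AGENT} // '';
    return hmac_sha256_hex("$ip\0$ua", $SERVER_KEY);
}

# At login: create the session and store the fingerprint inside it.
# A real session id must be random and unguessable; this one is a fixed demo value.
sub create_session {
    my ($sid, $user, $env) = @_;
    $SESSIONS{$sid} = { user => $user, fp => fingerprint($env) };
    return $sid;
}

# On every request: reject when the request does not match the stored info.
sub check_session {
    my ($sid, $env) = @_;
    my $s = $SESSIONS{$sid} or return;      # unknown or already invalidated id
    if ($s->{fp} ne fingerprint($env)) {
        delete $SESSIONS{$sid};             # cookie presented by another client: invalidate it
        return;
    }
    return $s->{user};
}

# Constructed sample requests (documentation-range addresses).
my %login  = (REMOTE_ADDR => '192.0.2.10',   HTTP_USER_AGENT => 'Mozilla/5.0 (X11; Linux)');
my %replay = (REMOTE_ADDR => '198.51.100.7', HTTP_USER_AGENT => 'Mozilla/5.0 (X11; Linux)');

create_session('sid-demo-1', 'alice', \%login);
printf "same client:   %s\n", check_session('sid-demo-1', \%login)  // 'rejected';
printf "other address: %s\n", check_session('sid-demo-1', \%replay) // 'rejected';
printf "after reject:  %s\n", check_session('sid-demo-1', \%login)  // 'rejected';
```

The third call is rejected as well because the mismatch deleted the session, so the legitimate user has to log in again.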