PerlMonks  

Re: How to make a secure website

by Jeppe (Monk)
on Jul 08, 2004 at 12:24 UTC


in reply to How to make a secure website

You should take a look at Apache::Session. It might be what you're looking for.

Seriously, store only a session id in the cookie. Don't store a cleartext user id, and make sure you somehow make it impossible to calculate a valid session id. That is, the session id must be a large number - too large to be brute-forced. The distribution of the algorithm that produces the session id must be flat.

And - of course - make sure the login is performed over an https connection.

Other than that, make sure you properly process anything the users submit through forms or URL tampering.
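
An added example of the session handling described in the reply above (not part of the original post, and not Apache::Session's own code): the cookie carries only a random 128-bit id, the user id stays in a server-side table, and the cookie value is validated as untrusted input. It assumes a Unix-like host with `/dev/urandom`; the function names, the `sid` cookie name and the in-memory `%SESSIONS` store are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Server-side session table (in-memory stand-in for this example;
# a real site would keep this in a database or session backend).
my %SESSIONS;

# 16 bytes from the kernel CSPRNG, hex-encoded. Every 128-bit value is
# equally likely, so the id cannot be calculated or brute-forced.
sub new_session_id {
    open(my $fh, '<:raw', '/dev/urandom')
        or die "cannot open /dev/urandom: $!";
    my $n = read($fh, my $bytes, 16);
    close $fh;
    die "short read from /dev/urandom" unless defined $n && $n == 16;
    return unpack('H*', $bytes);
}

# Call after a successful login over https. The user id never leaves
# the server; the browser only ever sees the opaque session id.
sub start_session {
    my ($user_id) = @_;
    my $sid = new_session_id();
    $SESSIONS{$sid} = { user => $user_id };
    # Secure: sent over https only. HttpOnly: hidden from page scripts.
    return ($sid, "Set-Cookie: sid=$sid; Path=/; Secure; HttpOnly");
}

# Map a cookie value sent by the browser to a user id, or undef.
sub user_for_cookie {
    my ($value) = @_;
    # The cookie is user-submitted data: accept only the exact id format.
    return undef unless defined $value && $value =~ /\A[0-9a-f]{32}\z/;
    my $session = $SESSIONS{$value} or return undef;
    return $session->{user};
}

# Constructed sample run: one real session, two cookie values that
# were never issued by the server.
my ($sid, $header) = start_session('alice');
print "$header\n";
print "issued id:   ", user_for_cookie($sid)        // 'rejected', "\n";
print "cleartext:   ", user_for_cookie('user=alice') // 'rejected', "\n";
print "unissued id: ", user_for_cookie('0' x 32)     // 'rejected', "\n";
```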
