Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Re: Administration Ignorance

by sifukurt (Hermit)
on Jul 11, 2001 at 20:32 UTC ( [id://95751]=note: print w/replies, xml ) Need Help??


in reply to Administration Ignorance

Depending upon the level of security you're looking for, cookies aren't the best method. In the past, I've encoded authentication and a timestamp as a hidden field in a form. Obviously, you don't want put these things in as plain text. What I've done is this. After doing the initial authentication, grab the person's IP address, their username and password, and time() and make a delimited string. Then you'll want to encrypt it and escape it and include it as a hidden field. You can encrypt it with just about any of the encryption modules. I'm partial to Crypt::RC4 cuz I wrote it.
use Crypt::RC4; use URI::Escape; $code = "$ENV{REMOTE_ADDR}\|$time\|$username\|$password"; $encoded = RC4( "my_passphrase", $code ); $escaped = uri_escape( $encoded );

Now at the top of each subsequent script, you'll unescape, decrypt, and split on "|" and then verify that information. By including time(), you can put a timeout on the individual sessions. The advantage to doing this is that you'll be able to ensure that the user hasn't gotten to this script through a bookmark or through hijacking someone else's session. And by including the timeout feature, you minimize the potential for damage if someone who is logged in leaves their system unattended. Only if the encoded IP address matches the current user IP address, the encoded username and password are accepted, and if less than, say, 300 seconds have elapsed is the person allowed in. Otherwise they're redirected some place else. If everything checks out, create a new string with the current time(), encrypt and escape it, and include the new string as a hidden field again.

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://95751]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others lurking in the Monastery: (4)
As of 2024-03-28 18:20 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found