Do you know where your variables are? | |
PerlMonks |
comment on |
( [id://3333]=superdoc: print w/replies, xml ) | Need Help?? |
Dear Monks,
I am creating a website that will require the user to use a login and password. I've looked at websites that explain how to make a site secure and many of them recommend not putting the username of the user as a cookie.
I would never save the password in a cookie and I would never pass the username or password as a hidden variable (that's just dumb) .... my question is this: Right now I have it so that when a person logs in (or if they create a new account) I place a cookie saying that 'this userid is logged in'. Every time they click on a link (ie. go to their account manager, post an event, etc.) I immeidately check the cookie to see who it is and if there is not userid cookie then I print the login page and tell them to login. Anything insecure about this? If so, please let me know and tell me how to make a site 100% secure with regards to logging in and passwords (currently the passwords are stored in a DB and encrypted). Also, people have recommended storing the sessionid in the DB along with the user id so I can figure out who the user is .... Correct me if I'm wrong but that means anytime they view another page they my programs will have to query the DB -- isn't that inefficient? Thanks! In reply to How to make a secure website by cranberry13
|
|