Beefy Boxes and Bandwidth Generously Provided by pair Networks
Problems? Is your data what you think it is?
 
PerlMonks  

comment on

( [id://3333]=superdoc: print w/replies, xml ) Need Help??
Hi cranberry13,

Every time they click on a link (ie. go to their account manager, post an event, etc.) I immeidately check the cookie to see who it is and if there is not userid cookie then I print the login page and tell them to login.
Cookie values can be changed or hijacked so it's not entirely safe to depend on them without taking some precautions. For example, if you set a user with a cookie value of 'abcde' and if I'm able to get to that value, I could masquerade as that user by tweaking the cookie file in my computer. That's what I think but I may be wrong.

I use MD5 to set a unique cookie value and that value is saved into the db. The user is recognised by the cookie value. Every time he or she logs in, a new cookie value is created and set. This new value replaces the old one in the db.

I'm not 100% sure if my method is secure but I think it's better than relying on one unchanging unique cookie value.


In reply to Re: How to make a secure website by kiat
in thread How to make a secure website by cranberry13

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post; it's "PerlMonks-approved HTML":



  • Are you posting in the right place? Check out Where do I post X? to know for sure.
  • Posts may use any of the Perl Monks Approved HTML tags. Currently these include the following:
    <code> <a> <b> <big> <blockquote> <br /> <dd> <dl> <dt> <em> <font> <h1> <h2> <h3> <h4> <h5> <h6> <hr /> <i> <li> <nbsp> <ol> <p> <small> <strike> <strong> <sub> <sup> <table> <td> <th> <tr> <tt> <u> <ul>
  • Snippets of code should be wrapped in <code> tags not <pre> tags. In fact, <pre> tags should generally be avoided. If they must be used, extreme care should be taken to ensure that their contents do not have long lines (<70 chars), in order to prevent horizontal scrolling (and possible janitor intervention).
  • Want more info? How to link or How to display code and escape characters are good places to start.
Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (7)
As of 2024-03-29 12:58 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found