http://qs1969.pair.com?node_id=153643


in reply to Plaintext passwords?
in thread We blame tye.

The way I typically handle it is to.

/\/\averick
perl -l -e "eval pack('h*','072796e6470272f2c5f2c5166756279636b672');"

Replies are listed 'Best First'.
Re: Re: Plaintext passwords?
by no_slogan (Deacon) on Mar 23, 2002 at 17:16 UTC
    That all sounds good. I assume that once someone logs in successfully via SSL, you send them a cookie, and they continue using that over an unsecured connection? In that case, the cookie essentially becomes the user's password. Do you have a good solution for preventing the bad guys from capturing and reusing that cookie?
Re: Re: Plaintext passwords?
by Anonymous Monk on Mar 26, 2002 at 03:22 UTC