http://qs1969.pair.com?node_id=343523


in reply to Perl Cookie Encryption

Maybe a good idea is to use two usernames and two passwords.
The first username and password pair will be used to encrypt the cookie data (btw, you can't encrypt the whole cookie itself, but you can encrypt the data that it gets filled with). This username/password pair will never be stored on the client; maybe you can put it in a session object on the HTTP server side as long as the user is logged in.
Then you use Crypt::TripleDES to encrypt and decrypt the data used to access the telnet/ssh server. (You can build a key for encryption like this: "$username$password")

But keep in mind that this is not really secure, but it is probably the highest security level you can get for your problem while still being easy to implement.
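
An added example, not part of the original post or thread: one way to implement the scheme described above in Perl, with the encryption key derived from the first username/password pair and held only on the server. It goes one step beyond the post by appending an HMAC (Digest::SHA) so that a modified cookie is rejected before decryption; the function names, key-derivation labels and sample values are assumptions of this example.

```perl
use strict;
use warnings;
use Crypt::TripleDES;
use Digest::SHA qw(sha256_hex hmac_sha256_hex);

# Derive separate encryption and MAC keys from the first (server-side only)
# username/password pair. The "enc"/"mac" labels are this example's assumption.
sub derive_keys {
    my ($user, $pass) = @_;
    # 48 hex characters: enough material for three 8-byte DES keys.
    my $enc = substr(sha256_hex("enc\0$user\0$pass"), 0, 48);
    my $mac = sha256_hex("mac\0$user\0$pass");
    return ($enc, $mac);
}

# Encrypt byte-string $data and append an HMAC over the hex ciphertext.
sub seal_cookie {
    my ($data, $enc, $mac) = @_;
    # Length prefix lets unseal_cookie drop any block padding.
    my $ct = unpack 'H*',
        Crypt::TripleDES->new->encrypt3(length($data) . ":$data", $enc);
    return "$ct." . hmac_sha256_hex($ct, $mac);
}

# Return the data, or nothing if the cookie is malformed or was altered.
sub unseal_cookie {
    my ($cookie, $enc, $mac) = @_;
    my ($ct, $tag) =
        $cookie =~ /\A((?:[0-9a-f]{2})+)\.([0-9a-f]{64})\z/ or return;
    my $want = hmac_sha256_hex($ct, $mac);
    my $diff = 0;    # compare all 64 characters, no early exit
    $diff |= ord(substr($want, $_, 1)) ^ ord(substr($tag, $_, 1)) for 0 .. 63;
    return if $diff;
    my $pt = Crypt::TripleDES->new->decrypt3(pack('H*', $ct), $enc);
    my ($len, $rest) = $pt =~ /\A(\d+):(.*)\z/s or return;
    return substr($rest, 0, $len);
}

# Constructed sample values, not real credentials.
my ($enc, $mac) = derive_keys('cookieuser', 'cookie-pass');
my $cookie = seal_cookie('telnetuser:telnet-pass', $enc, $mac);
print "cookie:   $cookie\n";
print "unsealed: ", unseal_cookie($cookie, $enc, $mac), "\n";

# Flip the first hex digit of the ciphertext to simulate client tampering.
(my $bad = $cookie) =~ s/\A(.)/$1 eq '0' ? '1' : '0'/e;
my $ok = defined unseal_cookie($bad, $enc, $mac);
print "tampered cookie accepted? ", ($ok ? "yes" : "no"), "\n";
```

In a real application the two derived keys would live in the server-side session object, as the post suggests, and only the sealed string would be sent to the browser.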

Re: Re: Perl Cookie Encryption
by JoeJaz (Monk) on Apr 08, 2004 at 07:33 UTC
    Hi. I understand that my situation may be a bit unique. I can only hope that I manage to tighten this script down a bit. It's my first experience with creating cookies. I like your dual password idea. I might just incorporate that into the config file (the admin sets the password to encrypt it with). Also, thanks for turning my eye toward the Crypt::TripleDES module. That will probably be a much nicer solution than creating my own encryption algorithm. Thanks for your ideas. Take care, Joe