in reply to Re: Length of Crypt::CBC result
in thread Length of Crypt::CBC result

This is NOT a bad idea. 1) Associate an expire time and IP address with the data being stored. 2) Also change the private key every day. 3) eval it. Why use a session cookie or other means when you can do the above?

Re: Re: Re: Length of Crypt::CBC result
by Ryszard (Priest) on Apr 04, 2002 at 21:18 UTC
    OK, so there are methods that can be used to make the data more secure (although using an IP address is not a great idea).

    My point is control. Once you send the data out to the browser you lose control.

    If you have a public web server, most of your server-side security should already be done. Why create more processes and procedures if you don't need to? The more processes and procedures you add, the greater the chance something could be missed.

    There is a reason why most web apps use a non-determinate token and associated session management - it works and it is simple to do.
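
The token-plus-session-management approach the reply above refers to, as an added sketch that is not code from either poster. The in-memory `%SESSIONS` store, the 30-minute lifetime, the sample user data and all function names are assumptions made for illustration; only core Perl is used.

```perl
#!/usr/bin/perl
# Added example: opaque session token, with all state kept on the server.
use strict;
use warnings;

my %SESSIONS;        # assumption: in-memory store; a real app would use a database
my $TTL = 30 * 60;   # assumption: session lifetime in seconds

# Return 32 hex characters (128 bits) read from the kernel CSPRNG.
sub new_token {
    open(my $fh, '<:raw', '/dev/urandom') or die "cannot open /dev/urandom: $!";
    my $buf;
    my $got = read($fh, $buf, 16);
    close $fh;
    die "short read from /dev/urandom" unless defined $got && $got == 16;
    return unpack('H*', $buf);
}

# Create a session. Only the random token is sent to the browser.
sub create_session {
    my (%data) = @_;
    my $token = new_token();
    $SESSIONS{$token} = { data => {%data}, expires => time() + $TTL };
    return $token;
}

# Resolve a token presented by the browser.
# Malformed, unknown and expired tokens all return undef.
sub load_session {
    my ($token, $now) = @_;
    $now = time() unless defined $now;
    return unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    my $s = $SESSIONS{$token} or return;
    if ($now >= $s->{expires}) {
        delete $SESSIONS{$token};   # expiry is enforced on the server
        return;
    }
    return $s->{data};
}

# The server keeps control: a session can be revoked at any time.
sub destroy_session { delete $SESSIONS{ $_[0] }; return; }

my $tok = create_session(user => 'alice', role => 'editor');  # constructed sample data
print "cookie value:  $tok\n";
print "valid token:   ", (load_session($tok)                  ? "accepted" : "rejected"), "\n";
print "unknown token: ", (load_session('0' x 32)              ? "accepted" : "rejected"), "\n";
print "after expiry:  ", (load_session($tok, time() + $TTL + 1) ? "accepted" : "rejected"), "\n";
```

The browser only ever holds a value that carries no data of its own, so the length and contents of the stored record never leave the server.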