in reply to (joshua) 2Re: Cookie not being set
in thread Cookie not being set

There are several reasons why this is a security hole.

Never fear, these things become second-nature after you work with the Web for a while :)

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the link and check out our stats.

(joshua) 2Re: (joshua) 2Re: Cookie not being set
by joshua (Pilgrim) on Jun 24, 2002 at 05:42 UTC
    I don't want to turn this node into a discussion on web security but...

    Here's my setup:

    • Password is stored encrypted using the crypt function w/ a random key in a file on the server outside of the public-viewing.
    • User enters pass in a form.
    • Password is sent to the server in plaintext (not good).
    • Server encrypts the user's entered password and makes sure it matches the one in the file.
    • Server sends cookie to browser that contains encrypted password.
    • Each time the user wants to go to a different part of the admin, the server checks the password in the cookie to make sure it's correct.
    I know this doesn't sound very secure, so I'll look into some of the other methods discussed.
    Never fear, these things become second-nature after you work with the Web for a while :)
    I'm kind of seeing that...I've come far since I started doing CGI, but I know I have a lot more to learn.

    Joshua
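
The cookie check from the setup listed above, next to a random, expiring session token, as an added example that is not code from this thread or from either poster. The password, salt, function names, in-memory `%sessions` store and the use of `/dev/urandom` are assumptions made for illustration.

```perl
use strict;
use warnings;

# Constructed sample data: the hash as it would sit in the server-side file.
# Assumes the platform's crypt() accepts a traditional two-character salt.
my $stored = crypt('s3cret-admin', 'ab') // die "crypt() unavailable for this salt";

# Scheme as described in the post: the cookie carries the crypt() output and a
# request passes when the cookie equals the stored value.
sub check_cookie_as_described {
    my ($cookie) = @_;
    return $cookie eq $stored;
}

# Alternative: the cookie carries a random token that means nothing outside
# this server and expires. %sessions is an in-memory stand-in (assumption);
# a CGI script would need a file or database that persists between requests.
my %sessions;    # token => expiry time (epoch seconds)

sub new_session {
    my ($password, $ttl) = @_;
    return unless crypt($password, $stored) eq $stored;
    open my $fh, '<', '/dev/urandom' or die "urandom: $!";
    read($fh, my $raw, 16) == 16 or die "short read from urandom";
    close $fh;
    my $token = unpack 'H*', $raw;    # 128 random bits as 32 hex characters
    $sessions{$token} = time + $ttl;
    return $token;
}

sub check_session {
    my ($token) = @_;
    my $expiry = $sessions{ $token // '' } or return 0;
    if ($expiry < time) { delete $sessions{$token}; return 0 }
    return 1;
}

# The stored hash is accepted as a cookie by itself, so the cookie is as good
# as the password and stays valid until the password is changed.
print "hash-as-cookie accepted: ", (check_cookie_as_described($stored) ? "yes" : "no"), "\n";

my $token = new_session('s3cret-admin', 900) or die "login failed";
print "session token accepted:  ", (check_session($token) ? "yes" : "no"), "\n";
delete $sessions{$token};    # logout: the server revokes the token
print "token after logout:      ", (check_session($token) ? "yes" : "no"), "\n";
```

Neither variant protects the password or the cookie while they cross the network in plaintext, which the post already flags; that needs an encrypted connection.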