in reply to Re: Re: Re: cookies n variables
in thread cookies n variables

You can do a pair of cookies: one with the data, the second md5 hashed with the data and a private string that only your cgi knows. That way, when the data cookie is retrieved, you can take the data cookie returned + the private string, then hash and compare to the md5 cookie you sent. It will tell you if the data has been changed.

-Waswas

Re: Re: Re: Re: Re: cookies n variables
by Ryszard (Priest) on Nov 18, 2002 at 18:29 UTC
    Yup, that would work, except now, if you need to change the key because of whatever reason (employee leaves, server is compromised et al), there is a bit of a mess to work out.
      Pretty simple as they are just session data holders, just change the secret string that mods the hash if an employee leaves. The cgi should be written well enough to deal with bad/missing data cookies and give the user another chance to provide it. As far as the server being compromised -- lol you have more to worry about than the cookie hash =) the hacker can do far more damage with other means available to them at that point.

      -Waswas
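
The two-cookie check and the secret change discussed in this thread, as an added example in Python that is not code from any poster. It swaps HMAC-SHA256 in for the md5(data + private string) described above and prefixes the check value with a key id so a secret can be retired cleanly; the cookie names `data` and `check`, the key ids `k1`/`k2` and the secrets are constructed for illustration.

```python
import hashlib
import hmac

# Constructed secrets known only to the server, keyed by an id.
# The id travels in the check cookie, so the server knows which
# secret produced a tag and old cookies survive a rotation window.
SECRETS = {"k1": b"old-private-string", "k2": b"new-private-string"}
CURRENT_KEY_ID = "k2"


def tag(key_id, data):
    # HMAC-SHA256 stands in for the thread's md5(data + secret).
    return hmac.new(SECRETS[key_id], data.encode(), hashlib.sha256).hexdigest()


def make_cookies(data):
    """Return the cookie pair: the data and its check value."""
    return {"data": data, "check": f"{CURRENT_KEY_ID}:{tag(CURRENT_KEY_ID, data)}"}


def verify_cookies(cookies):
    """Return the data if the check cookie matches it, else None."""
    data = cookies.get("data")
    check = cookies.get("check")
    if data is None or check is None or ":" not in check:
        return None  # bad/missing cookie: let the user supply it again
    key_id, sent = check.split(":", 1)
    if key_id not in SECRETS:
        return None  # signed with an unknown or retired secret
    expected = tag(key_id, data)
    # Constant-time comparison; bytes so odd input cannot raise.
    if not hmac.compare_digest(expected.encode(), sent.encode()):
        return None  # data was changed after it was issued
    return data


def retire_key(key_id):
    """Stop accepting cookies signed with key_id (e.g. employee left)."""
    if key_id == CURRENT_KEY_ID:
        raise ValueError("switch CURRENT_KEY_ID before retiring it")
    SECRETS.pop(key_id, None)


if __name__ == "__main__":
    pair = make_cookies("user=42;role=guest")
    print(verify_cookies(pair))                                    # intact
    print(verify_cookies(dict(pair, data="user=42;role=admin")))   # tampered
```

Cookies issued under a retired secret fail verification the same way tampered ones do, so the handler needs only one "ask again" path.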