in reply to Re: Re: Safely storing password
in thread Safely storing password

Yes, that's what I meant. The username and timestamp are mainly there to avoid the very small risk that two entirely random session ids could be identical. Even if I did use the timestamp to check the age of the session it wouldn't be a problem because if you altered the timestamp then the session id stored in your cookie would not match the one held on the server.
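The scheme described in the post above, as an added sketch that is not code from the original thread: the session id is built from the username, a timestamp and random bytes, the server keeps its own copy, and the session's age is judged from the server-held record rather than from anything in the cookie. The in-memory dict, the 30-minute lifetime and all function names are assumptions made for illustration.

```python
import secrets
import time

# Assumption: an in-memory dict stands in for the server-side session store.
SESSIONS = {}
MAX_AGE = 1800  # assumed session lifetime in seconds


def new_session(username, now=None):
    """Create a session id and record it server-side."""
    now = int(time.time()) if now is None else int(now)
    # The 128 random bits carry the security; username and timestamp
    # only make an accidental collision between two ids even less likely.
    sid = f"{username}.{now}.{secrets.token_hex(16)}"
    SESSIONS[sid] = {"user": username, "created": now}
    return sid


def check_session(cookie_value, now=None):
    """Return the username for a valid session cookie, else None."""
    now = time.time() if now is None else now
    record = SESSIONS.get(cookie_value)
    if record is None:
        # Any edit to the cookie (timestamp included) lands here,
        # because the altered string is not a key the server holds.
        return None
    # Age comes from the server's record, never from the cookie text.
    if now - record["created"] > MAX_AGE:
        del SESSIONS[cookie_value]
        return None
    return record["user"]


def with_altered_timestamp(sid, new_ts):
    """Constructed test input: the same cookie with its timestamp changed."""
    user, _old_ts, rand = sid.rsplit(".", 2)
    return f"{user}.{new_ts}.{rand}"
```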

Re: Re: Re: Re: Safely storing password
by sdyates (Scribe) on May 09, 2003 at 21:45 UTC
    After a bit more work, I realised what the best way to have my scripts run securely is. This works really well:
        apache_1.3.27.tar.gz
        mod_ssl-2.8.14-1.3.27.tar.gz
        openssl-0.9.7a.tar.gz

        $ cd openssl-0.9.7a
        $ ./config
        $ make
        $ cd ..
        $ cd mod_ssl-2.8.14-1.3.27
        $ ./configure \
            --with-apache=../apache_1.3.27 \
            --with-ssl=../openssl-0.9.7a \
            --prefix=/usr/local/apache
        $ cd ..
        $ cd apache_1.3.27
        $ make
        $ make certificate TYPE=custom
        $ make install
        $ /usr/local/apache/bin/httpd -DSSL

    Make sure to export the secure public key to each client...