cookies and HTTP authentication are not really very secure either of them... you can always hack around their code... and it's sniffable.

HTTPS is much better...

To elaborate more, cookies are not any form of authentication, inherently, because they're just client stored variables. Anyone can have them, edit them and change them. You could encode some sort of key and try try to keep track of the users' sessions or just the users themselves. You are still going to have to do some sort of login technique. If I'm not mistaken, HTTP authentication sets cookies anyway.

If you're worried about "security" you'll need to subdivide "security" by what you're worried about. If you need to be sure that a user says he's who he is, you'll need to use some sort of cryptography and authentication technique. If you're going to have content that 3rd parties cannot see, you'll have to invest some time and/or money or both into HTTPS. If you're worried about someone rooting your box, you'll have to be very careful with your scripts, global variables, and even your webserver setup and version.


Security is not a goal, it is a way of Life.

In reply to Re: Security: Cookies vs HTTP authentication by vaevictus
in thread Security: Cookies vs HTTP authentication by rodry

Title:
Use:  <p> text here (a paragraph) </p>
and:  <code> code here </code>
to format your post, it's "PerlMonks-approved HTML":


  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.