comment on

You seem to be doing a lot of work fudging up the password, without any real gain. Your scheme could be simplified by just passing a random string to the user and storing that same random string in the database along with the username and password.

What you seem to be attempting is usually called ticket based authentication. The user provides a username and password, and if authenticated, you give them a ticket that will allow them back in without needing to enter their password again.

But you are missing a critical piece in order to make it secure. It is absolutely vital that the ticket can be expired at some point. Otherwise an attacker could sniff the ticket, or pull it from someones cookie file, and use it at any time in the future to gain access without a password.

- Cees

In reply to Re: User, Encrypting Passwords and validating by cees
in thread User, Encrypting Passwords and validating by Thathom

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.