in reply to Session Tokens for Log-in

      Am I forgetting about any other security risks involved?

That depends on the value of the assets involved; how much user convenience you are willing to sacrifice to beef up security; how much security effort you want to put in; and what is the likelihood of bad guys desiring to break into your system.

Basically, your system is adequate to prevent access by a medium-energy, casual thief. Unless finance or very private information is involved, that is usually good enough. Besides, you get much less bang (security) for the buck (additional security effort) beyond this point. The only thing I'd add is SSL/HTTPS.

     "There are only two truly infinite things. The universe and stupidity, and I'm not too sure about the universe"- Albert Einstein

Re: Session Tokens for Log-in
by tanger (Scribe) on Apr 17, 2005 at 05:55 UTC
    I just learned about CGI::Session, it even does cookies too...

    Should I bother with cookies? The site is not financial, ecommerce, or really private information, but it does provide a service that costs money--therefore anyone who would want it free might want to hack into it, hah.

    It does have https/ssl so that's a good thing :)

    tanger