(Ovid) Re: Serializing Cookies ???

I can't comment on your actual problem, but I thought I should point out that using cookies to store password information is not a very secure practice. You can check out http://www.google.com/search?q=cross-site+scripting+vulnerability+cookie+javascript for some examples of how easy it is to snatch passwords this way. Also, are you running on a secure server? If not, then you're sending the password out every time the cookie is set, thus increasing the vulnerability. Since you are sending the username WITH the password, you're handing over the keys to the kingdom.

Cheers,
Ovid

Update: lindex has a good point. Sometimes this isn't an issue.

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

Comment on (Ovid) Re: Serializing Cookies ???

Replies are listed 'Best First'.
Re: (Ovid) Re: Serializing Cookies ??? by lindex (Friar) on Dec 06, 2000 at 02:51 UTC
this issue of security is very minor in this script. Iam well aware of the risks of storing passwords in formdata or cookies, But all the authinication tables in sql (oracle) are controled from a linked access database that is for all intent world readable+writeable, So I just do what my boss tells me and try and have fun with my code along the way :) update plus the network is all internal the ppl using it dont have access to the "int0rnet soopa hIway" :) lindex `/**************************/ jason@gost.net, wh@ckz.org http://jason.gost.net /***************************/` [download]	[reply] [d/l]

Replies are listed 'Best First'.

Re: (Ovid) Re: Serializing Cookies ???
by lindex (Friar) on Dec 06, 2000 at 02:51 UTC

update

lindex

/****************************/
  jason@gost.net, wh@ckz.org
    http://jason.gost.net
/*****************************/
[download]

[reply]
[d/l]