dimishome has asked for the wisdom of the Perl Monks concerning the following question:

I am creating a web application that will securely connect to a server and update the user's password. I have been looking at using MD5 to create the hash to send to the server but I want to make the app as secure as possible.

Part of the task will be to create a URL that takes a MD5 hash of the time stamp as part of the URL and when the user attempts to access the script, it will verify that the time stamp hash is the same as the one in the database which is logged by the update password script.

The big question is there a perl mod that will setup assist with the hash creation and verification?


Edited 30 Dec 2005, by footpad: Added rudimentary formatting tags.

Replies are listed 'Best First'.
Re: updating passwords securely.
by sk (Curate) on Dec 29, 2005 at 20:57 UTC
    There is Digest::MD5 which will help you create a message digest.
[reply]
Re: updating passwords securely.
by TedPride (Priest) on Dec 29, 2005 at 22:13 UTC
    Connect how? Does the user visit your web app, submit a password change, then have you update the password on the server that's storing it? Why isn't the web app on that server? Why are you transmitting with only the password secured and not the whole transmission? More detailed information on why you're doing things this way would be helpful.
[reply]
      Because of the number of servers the script has to talk with, a centralize location was the best choice. I will be using SOAP calls to return the information to the server that needs updating.
[reply]

Back to Seekers of Perl Wisdom