(Coyote) Re: Ecryption?

Storing this information in a hidden field is not the best way to handle passing state (think about the security implications). You might want to look into cookies or possibly the Apache::Session module for alternatives. Of course that's not the question you asked.

I would recommend creating an MD5 hash of the username, password, and some other non-related data such as random numbers or the timestamp and using that for authentication purposes. Here's the results from a CPAN search on MD5. MD5::Digest is usually available with any perl distribution with a recent version of the CPAN bundle.

Note that this approach doesn't encrypt the username and password, but instead creates a unique 32 bit string from the data you feed it. If you are adding a timestamp and random data to the string you feed the MD5 algorithm, than a user is not likely (I know better than to say never here) to have the same MD5 hash on two different trips to your site.

----
Coyote

Comment on (Coyote) Re: Ecryption?

Replies are listed 'Best First'.
Re: (Coyote) Re: Ecryption? by Punto (Scribe) on Feb 18, 2001 at 02:36 UTC
Of course I know better ways to pass the authentication (I'm thinking http authentication over SSL), but that requires a rewrite of a lot of parts of the script, right now I'm looking for a fast way to solve this, to start using the scripts. I thought a couple of functions like that would be a simple solution. Thanks for your help. :)	[reply]