All good comments (except for the part about saving passwords in cookies! Bad coder! No donut!), but I'll add in some comments that some folks have not yet made.

Given the choice of a hashing algorithm, please advise new folks to use the strongest available... this means SHA1 over MD5, and MD5 over crypt. Better SHA is also an option ... look at CPAN for modules available. Might as well be paranoid. "YourFavoriteHashingAlgorithm" certainly doesn't mean you can roll your own, at least not if you have any ethics -- it's far too easy to make a weak function.

You say 'most likely will give a unique ID', but you (in the case of dealing with Credit Cards, especially) might have an obligation to make sure they ARE unique. Good security is based on good math, not chance. One of the failings of random number generators is that they are not unique, so again, it never hurts to be paranoid.

Perhaps obvious, but when possible, use SSL. This not only encrypts the session from basic packet sniffing, but (when using certs), can tip someone off to a man-in-the-middle type attack, where you could be tricked into authenticating to a server that wasn't really the server you were connecting to.


In reply to Re: CGI and saving passwords by flyingmoose
in thread CGI and saving passwords by JoeJaz
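The two points above about using a stronger SHA and about not trusting chance for unique IDs, as an added example that is not part of flyingmoose's post or the original thread. It uses only the core Digest::SHA module (SHA-256, one of the "better SHA" options), stores a per-user random salt next to the hash, compares digests without short-circuiting on the first differing byte, and builds session IDs from a process-unique counter, the PID and the clock rather than from random bytes alone. The helper names (hash_password, verify_password, new_session_id, make_salt) and the stored "salt$hash" layout are assumptions made for this example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);   # core since Perl 5.10; no CPAN install needed

# Hypothetical helper: read 16 random bytes from /dev/urandom where it exists,
# falling back to rand() only so the example stays portable.
sub make_salt {
    my $bytes = '';
    if (open my $fh, '<:raw', '/dev/urandom') {
        read $fh, $bytes, 16;
        close $fh;
    }
    else {
        $bytes = pack 'C*', map { int rand 256 } 1 .. 16;
    }
    return unpack 'H*', $bytes;   # hex so it is safe to store in a text field
}

# Stored form is "salt$hash": the salt travels with the record, so two users
# with the same password never share a stored value.
sub hash_password {
    my ($password, $salt) = @_;
    $salt = make_salt() unless defined $salt;
    my $digest = sha256_hex($salt . $password);
    return "$salt\$$digest";
}

# Compare two equal-length strings without stopping at the first mismatch,
# so the time taken does not reveal how many leading bytes matched.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 unless length $x == length $y;
    my $diff = 0;
    $diff |= ord(substr $x, $_, 1) ^ ord(substr $y, $_, 1) for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

sub verify_password {
    my ($password, $stored) = @_;
    my ($salt, $expected) = split /\$/, $stored, 2;
    return 0 unless defined $salt && defined $expected;
    my $actual = sha256_hex($salt . $password);
    return constant_time_eq($actual, $expected);
}

# Session IDs: the PID, the current time and a counter make the hashed input
# unique for the lifetime of this process even if the RNG repeats itself;
# the random salt guards against PID reuse after a restart.
my $counter = 0;
sub new_session_id {
    my $raw = join ':', $$, time, ++$counter, make_salt();
    return sha256_hex($raw);
}

# Constructed sample run
my $stored = hash_password('correct horse battery staple');
print "stored:  $stored\n";
print "login:   ", (verify_password('correct horse battery staple', $stored) ? "ok" : "rejected"), "\n";
print "wrong:   ", (verify_password('wrong password', $stored) ? "ok" : "rejected"), "\n";
print "session: ", new_session_id(), "\n";
```

The session ID is unique within one process by construction; across restarts the only way to be certain is to check the new ID against the session store before handing it out, which is the "good math, not chance" the post asks for. For the password side, a purpose-built slow password hash from CPAN (bcrypt or similar) is a stronger choice than a single SHA-256 pass, since it raises the cost of offline guessing if the stored hashes ever leak.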
