Re: [WebDNA] Encode cookies ONLY via "method=Base64"
This WebDNA talk-list message is from 2012
It keeps the original formatting.
numero = 109287
interpreted = N
texte = On 2012-07-13, at 3:19 AM, Stuart Tremain wrote:

> Almost 4 years on and the only encryption/decryption that you can do with cookies is method=Base64, and I have just spent 2 days proving it :(
>
> Thinking of opening a liquor store ..... problem is it may be like Dracula in charge of the Blood Bank

Luke! Don't give in ... to the Dark Side. ;-)

If you are working on your authentication system - I don't think you need to encrypt cookies for that anyway... just make a cookie that holds a plain text (cart #) sessionID... which points to a session record in a session db.. or else points to a sessionID in the user's record in the custom users' db. Make every protected page check the cookie.. which looks up the user record and sees if the session has expired, and if it comes from a login that passed back when you checked the input user/pass (within say the last 30 mins.). Hacking would require someone to not only guess the exact cart string, but that cart string *in association with that exact username/pass/session*.

I can hand you the auth. module I built like this some years ago.. let me know.

-Govinda
Associated Messages, from the most recent to the oldest:
Govinda
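The session-cookie scheme described in the message above, as an added Python example that is not part of the original message and is not WebDNA code. It assumes an in-memory dict in place of the session db, a constructed user record, and an ID from Python's `secrets` module instead of the WebDNA cart number; the last function shows why a Base64 cookie hides nothing.

```python
import base64, hashlib, hmac, secrets, time

SESSION_TTL = 30 * 60  # seconds: the "last 30 mins" window from the message

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample data; the dicts stand in for the users db and session db.
_SALT = secrets.token_bytes(16)
USERS = {"stuart": (_SALT, _hash("constructed-password", _SALT))}
SESSIONS = {}  # sessionID -> {"user": ..., "login_at": ...}
SAMPLE_B64_COOKIE = "dXNlcj1zdHVhcnQ="  # constructed: Base64 of "user=stuart"

def login(username, password, now=None):
    """Check user/pass; on success record a session and return the cookie value."""
    now = time.time() if now is None else now
    salt, stored = USERS.get(username, (b"\0" * 16, b""))
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    session_id = secrets.token_urlsafe(32)  # opaque: carries no user data
    SESSIONS[session_id] = {"user": username, "login_at": now}
    return session_id

def check_cookie(cookie_value, now=None):
    """Run on every protected page: return the logged-in user or None."""
    now = time.time() if now is None else now
    record = SESSIONS.get(cookie_value or "")
    if record is None:
        return None  # unknown or guessed ID
    if now - record["login_at"] > SESSION_TTL:
        del SESSIONS[cookie_value]  # expired: drop the server-side record
        return None
    return record["user"]

def decode_base64_cookie(cookie_value):
    """Base64 is an encoding, not encryption: any holder can reverse it."""
    return base64.b64decode(cookie_value).decode()

if __name__ == "__main__":
    sid = login("stuart", "constructed-password")
    print("cookie value:", sid)
    print("protected page sees:", check_cookie(sid))
    print("Base64 cookie reveals:", decode_base64_cookie(SAMPLE_B64_COOKIE))
```

Because the cookie is only a lookup key, everything that matters (user, login time, expiry) stays on the server, so there is nothing in the cookie to encrypt.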