Re: [WebDNA] Encode cookies ONLY via "method=Base64"

This WebDNA talk-list message is from 2012. It keeps the original formatting.
numero = 109287
interpreted = N
texte = On 2012-07-13, at 3:19 AM, Stuart Tremain wrote:

> Almost 4 years on and the only encryption/decryption that you can do with cookies is method=Base64, and I have just spent 2 days proving it :(
>
> Thinking of opening a liquor store ..... problem is it may be like Dracula in charge of the Blood Bank

Luke! Don't give in ... to the Dark Side. ;-)

If you are working on your authentication system - I don't think you need to encrypt cookies for that anyway... just make a cookie that holds a plain text (cart #) sessionID... which points to a session record in a session db.. or else points to a sessionID in the user's record in the custom users' db. Make every protected page check the cookie.. which looks up the user record and sees if the session has expired, and if it comes from a login that passed back when you checked the input user/pass (within say the last 30 mins.). Hacking would require someone to not only guess the exact cart string, but that cart string *in association with that exact username/pass/session*.

I can hand you the auth. module I built like this some years ago.. let me know.

-Govinda

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  2. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2012)
  3. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime Inc, Matthew A Perosi " 2012)
  4. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Govinda 2012)
  5. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  6. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  7. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  8. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  9. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  10. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  11. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  12. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  13. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  14. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Gary Krockover" 2008)
  15. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  16. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  17. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  18. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  19. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  20. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  21. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Patrick McCormick 2008)
  22. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  23. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  24. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Christer Olsson 2008)
  25. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  26. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  27. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  28. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  29. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  30. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  31. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  32. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  33. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  34. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  35. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  36. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  37. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  38. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  39. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  40. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  41. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  42. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  43. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  44. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  45. [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
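
The session scheme described in Govinda's message, as an added Python example (not code from the thread, from Govinda's module, or from WebDNA): the cookie carries only an opaque session ID, and every protected page looks it up in a server-side record and checks the 30-minute window. The `SessionStore` class, its method names, the in-memory dictionary standing in for the session db, and the random token used in place of the cart number are assumptions of this example.

```python
import secrets
import time

SESSION_TTL = 30 * 60  # seconds: the "last 30 mins" window from the message


class SessionStore:
    """In-memory stand-in for the session db (hypothetical, not WebDNA code)."""

    def __init__(self, ttl=SESSION_TTL, clock=time.time):
        self._sessions = {}   # session_id -> (username, login_time)
        self._ttl = ttl
        self._clock = clock   # injectable so expiry can be exercised offline

    def issue(self, username):
        """Call only after the user/pass check has passed.

        Returns the value to place in the cookie. It is a random token, so it
        reveals nothing about the user and needs no encryption or Base64.
        """
        session_id = secrets.token_urlsafe(32)
        self._sessions[session_id] = (username, self._clock())
        return session_id

    def check(self, cookie_value):
        """Run on every protected page: return the username, or None."""
        record = self._sessions.get(cookie_value)
        if record is None:
            return None                       # unknown or made-up ID
        username, login_time = record
        if self._clock() - login_time > self._ttl:
            del self._sessions[cookie_value]  # expired: drop the record
            return None
        return username

    def revoke(self, cookie_value):
        """Logout: the cookie value stops working immediately."""
        self._sessions.pop(cookie_value, None)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.issue("stuart")               # constructed sample username
    print("cookie value:", sid)
    print("protected page sees:", store.check(sid))
    print("forged cookie sees:", store.check("c3R1YXJ0"))  # Base64 of "stuart"
```

Because the cookie value is only a lookup key, all trust decisions stay on the server, and a value the server never issued is rejected whatever it decodes to.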
