RE: [WebDNA] Encode cookies ONLY via "method=Base64"

This WebDNA talk-list message is from 2008.

What about just creating a new field in your user table called hiddenval. Then when a person logs in, write a cookie with a random number and set that field to the same number for the logged in user. When you check if a person is logged in, all you have to do is perform one lookup to check the cookie against the hidden field value and if a match is found then the record of the validated user is returned. So no matter how hard someone tries to crack your cookie code, it doesn't matter. It is always completely random.

Using this method it is also easy to create the "keep me logged in" option for folks. If checked, then don't expire the cookie. If not checked, then expire after the session is pau.

Oh if you do this you have to make sure each time you set a cookie it is guaranteed to be random or you will get folks logged in as others!

Aloha,
Olin

-----Original Message-----
From: Kenneth Grome [mailto:kengrome@gmail.com]
Sent: Sunday, October 26, 2008 9:57 PM
To: talk@webdna.us
Subject: Re: [WebDNA] Encode cookies ONLY via "method=Base64"

> I'm curious what you might be using as a routine to
> generate that string of 500 random characters.

I just entered 26 lowercase and 26 uppercase alpha chars and 10 digits into a db file, one record for each char, then I do a search for all records which gives me 62 total chars that can be retrieved, but I limit the search to the first 30 chars and I run the search inside a loop that iterates 70 times thus giving me a string of 2100 chars. I guess I could use other chars in the db but I know that alphanumerics won't create problems so I'll probably just stick with what I have for now.

Then I create a random number between 1 and 1000 using several [random] tags and getchars which limits the resulting random number to 3 chars in length, and I use this [rn] as the start value with 999+[rn] as the end value in another getchars to extract a contiguous segment of the 1000 random chars from the original 2100 random char string -- so yes I'm using 1000 chars now rather than the 500 chars previously mentioned.

Then I use another db with 50 fields and 50 records, each field containing one unique value ranging from 1-999. These values appear in random order in the columns in the db and there are no duplicates in these columns, so that when I search this db via rank=off I get 50 non-duplicate values ranging from 1-999 in whatever field I choose to retrieve.

Next I count the number of characters in the "string to be encoded" which consists of the username then a separator string then the password all concatenated together. The number of chars in this string determines which field of values to retrieve from my 50x50 db. Each of the 50 retrieved values in the selected field represents a character position in my original 1000 char random string ...

I simply take the value from the first (then second, then third, etc.) record in the db, find the char position corresponding to that value (1-999) in the string of 1000 chars, and replace that char with the first (then second, then third, etc.) char appearing in my "string to be encoded".

When all the chars in my "string to be encoded" have replaced the appropriate chars in my 1000 char string I use Base64 to further encode the resulting 1000 char string which becomes 1/3 longer, and that's the value I set as the cookie that identifies whether or not the visitor is valid and logged in.

That's as far as I've gotten with it, and I haven't tested its speed yet but hopefully it will be 'fast enough'.

:)

Sincerely,
Ken Grome

Associated Messages, from the most recent to the oldest:

  1. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  2. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2012)
  3. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime Inc, Matthew A Perosi " 2012)
  4. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Govinda 2012)
  5. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  6. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  7. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  8. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  9. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  10. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  11. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  12. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  13. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  14. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Gary Krockover" 2008)
  15. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  16. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  17. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  18. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  19. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  20. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  21. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Patrick McCormick 2008)
  22. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  23. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  24. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Christer Olsson 2008)
  25. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  26. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  27. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  28. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  29. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  30. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  31. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  32. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  33. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  34. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  35. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  36. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  37. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  38. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  39. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  40. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  41. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  42. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  43. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  44. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
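The random-value-in-a-hidden-field scheme Olin proposes above (random cookie at login, one lookup against the user record, optional "keep me logged in" expiry, and the warning that each value must be guaranteed random) can be written out end to end. The following is an added example by the editor, not code from the list or from WebDNA; it is Python rather than WebDNA so that it can be run as-is, and the names `new_user_table`, `login`, `lookup_user`, `logout`, `SESSION_TTL` and `REMEMBER_TTL` are the example's own. It assumes the password check has already happened before `login` is called.

```python
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 30 * 60              # seconds a plain session stays valid (constructed value)
REMEMBER_TTL = 30 * 24 * 60 * 60   # seconds for the "keep me logged in" option (constructed value)


def new_user_table(*usernames):
    """Constructed in-memory stand-in for the user table.

    Each record carries the extra field Olin proposes ("hiddenval"). Here it
    holds a SHA-256 digest of the token rather than the token itself, so a
    leaked copy of the table cannot be replayed as a cookie."""
    return {name: {"hiddenval": None, "expires": None} for name in usernames}


def _digest(token):
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def login(users, username, remember_me=False, now=None):
    """Issue a fresh session token for a user who has already been authenticated.

    Returns (cookie_value, max_age): max_age is None for a session cookie
    (the browser drops it when the session ends) or the number of seconds to
    keep it. Calling this again rotates the token, so an older cookie for the
    same user stops working."""
    now = time.time() if now is None else now
    # secrets draws from the OS CSPRNG; 32 bytes gives 256 bits of entropy,
    # which is what makes the value "guaranteed random" in Olin's sense:
    # two users cannot plausibly be handed the same token.
    token = secrets.token_urlsafe(32)
    ttl = REMEMBER_TTL if remember_me else SESSION_TTL
    users[username]["hiddenval"] = _digest(token)
    users[username]["expires"] = now + ttl
    return token, (ttl if remember_me else None)


def lookup_user(users, cookie_value, now=None):
    """The single check Olin describes: compare the cookie against the hidden
    field and return the matching username, or None if nothing matches or the
    session has expired."""
    now = time.time() if now is None else now
    if not cookie_value:
        return None
    presented = _digest(cookie_value)
    for username, record in users.items():
        stored = record["hiddenval"]
        # compare_digest does not leak how many leading characters matched;
        # a real database would index this column instead of scanning it.
        if stored is not None and hmac.compare_digest(stored, presented):
            if now > record["expires"]:
                return None
            return username
    return None


def logout(users, username):
    """Clear the hidden field so the cookie value is no longer accepted."""
    users[username]["hiddenval"] = None
    users[username]["expires"] = None
```

Two design choices are worth noting. Storing a digest of the token instead of the token keeps a database dump from being usable as a set of ready-made cookies, and the cookie itself then carries nothing about the user, so there is no username or password in it to decode. Re-running `login` for a user overwrites the stored digest, which is the cheapest way to make a previous cookie stop working.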
