RE: [WebDNA] Encode cookies ONLY via "method=Base64"

This WebDNA talk-list message is from 2008.


Message number 101274
What about just creating a new field in your user table called hiddenval. Then when a person logs in, write a cookie with a random number and set that field to the same number for the logged in user. When you check if a person is logged in, all you have to do is perform one lookup to check the cookie against the hidden field value and if a match is found then the record of the validated user is returned. So no matter how hard someone tries to crack your cookie code, it doesn't matter. It is always completely random.

Using this method it is also easy to create the "keep me logged in" option for folks. If checked, then don't expire the cookie. If not checked, then expire after the session is pau.

Oh, if you do this you have to make sure each time you set a cookie it is guaranteed to be random or you will get folks logged in as others!

Aloha,
Olin

-----Original Message-----
From: Kenneth Grome [mailto:kengrome@gmail.com]
Sent: Sunday, October 26, 2008 9:57 PM
To: talk@webdna.us
Subject: Re: [WebDNA] Encode cookies ONLY via "method=Base64"

> I'm curious what you might be using as a routine to
> generate that string of 500 random characters.

I just entered 26 lowercase and 26 uppercase alpha chars and 10 digits into a db file, one record for each char, then I do a search for all records which gives me 62 total chars that can be retrieved, but I limit the search to the first 30 chars and I run the search inside a loop that iterates 70 times, thus giving me a string of 2100 chars. I guess I could use other chars in the db but I know that alphanumerics won't create problems so I'll probably just stick with what I have for now.

Then I create a random number between 1 and 1000 using several [random] tags and getchars, which limits the resulting random number to 3 chars in length, and I use this [rn] as the start value with 999+[rn] as the end value in another getchars to extract a contiguous segment of the 1000 random chars from the original 2100 random char string -- so yes, I'm using 1000 chars now rather than the 500 chars previously mentioned.

Then I use another db with 50 fields and 50 records, each field containing one unique value ranging from 1-999. These values appear in random order in the columns in the db and there are no duplicates in these columns, so that when I search this db via rank=off I get 50 non-duplicate values ranging from 1-999 in whatever field I choose to retrieve.

Next I count the number of characters in the "string to be encoded", which consists of the username, then a separator string, then the password, all concatenated together. The number of chars in this string determines which field of values to retrieve from my 50x50 db. Each of the 50 retrieved values in the selected field represents a character position in my original 1000 char random string ...

I simply take the value from the first (then second, then third, etc.) record in the db, find the char position corresponding to that value (1-999) in the string of 1000 chars, and replace that char with the first (then second, then third, etc.) char appearing in my "string to be encoded".

When all the chars in my "string to be encoded" have replaced the appropriate chars in my 1000 char string, I use Base64 to further encode the resulting 1000 char string, which becomes 1/3 longer, and that's the value I set as the cookie that identifies whether or not the visitor is valid and logged in.

That's as far as I've gotten with it, and I haven't tested its speed yet, but hopefully it will be 'fast enough'.

:)

Sincerely,
Ken Grome

Associated Messages, from the most recent to the oldest:

    
  1. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  2. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2012)
  3. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime Inc, Matthew A Perosi " 2012)
  4. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Govinda 2012)
  5. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2012)
  6. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  7. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  8. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  9. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  10. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  11. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  12. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  13. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  14. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Gary Krockover" 2008)
  15. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  16. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  17. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  18. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  19. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  20. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Marc Thompson 2008)
  21. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Patrick McCormick 2008)
  22. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  23. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Brian Fries 2008)
  24. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Christer Olsson 2008)
  25. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  26. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Donovan Brooke 2008)
  27. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  28. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  29. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  30. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  31. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  32. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  33. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
  34. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Bob Minor 2008)
  35. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  36. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  37. RE: [WebDNA] Encode cookies ONLY via "method=Base64" ("Olin Lagon" 2008)
  38. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  39. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  40. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  41. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  42. Re: [WebDNA] Encode cookies ONLY via "method=Base64" ("Psi Prime, Matthew A Perosi " 2008)
  43. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Kenneth Grome 2008)
  44. Re: [WebDNA] Encode cookies ONLY via "method=Base64" (Stuart Tremain 2008)
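Olin's reply describes keeping a random value on the user's row and matching the cookie against it with one lookup, with a "keep me logged in" option that simply never expires the cookie. The Python below is an added example of that approach written for this page; it is not WebDNA and not code from either poster. The class and method names (SessionStore, login, lookup, logout), the in-memory dict standing in for the user table and the 30-minute idle timeout are assumptions made for illustration. It also adds three things a practitioner would want that the message does not spell out: the value comes from the operating system's CSPRNG (the secrets module), only a hash of it is stored so that a copy of the user table does not yield working cookies, and the comparison is constant-time.

```python
# Added example, not code from the thread: a server-side session store of
# the kind Olin describes. SessionStore, login, lookup, logout, SESSION_TTL
# and the in-memory dict standing in for the user table are illustrative
# assumptions.
import hashlib
import hmac
import secrets
import time

SESSION_TTL = 30 * 60  # assumed idle timeout when "keep me logged in" is off


def _digest(token: str) -> str:
    # Only the hash lands in the user table, so a copy of that table alone
    # does not give anyone a working cookie.
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class SessionStore:
    def __init__(self, now=time.time):
        self._now = now      # injectable clock so expiry can be exercised in tests
        # username -> {"hiddenval": digest or None, "expires": float or None}
        self._users = {}

    def add_user(self, username: str) -> None:
        self._users[username] = {"hiddenval": None, "expires": None}

    def login(self, username: str, keep_logged_in: bool = False) -> str:
        """Issue a fresh random token for username and return the cookie value."""
        if username not in self._users:
            raise KeyError(username)
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, base64url text
        digest = _digest(token)
        # The failure mode Olin warns about: the same value on two rows means one
        # user's cookie matches another user's record. In a real database a unique
        # index on the column enforces this; here the check is explicit.
        if any(rec["hiddenval"] == digest for rec in self._users.values()):
            raise RuntimeError("duplicate session value; refusing to issue")
        self._users[username]["hiddenval"] = digest
        self._users[username]["expires"] = (
            None if keep_logged_in else self._now() + SESSION_TTL
        )
        return token

    def lookup(self, cookie: str):
        """Return the username whose stored value matches the cookie, else None."""
        if not cookie:
            return None
        digest = _digest(cookie)
        # A real table would index the hiddenval column; the scan is for the example.
        for username, rec in self._users.items():
            stored = rec["hiddenval"]
            if stored is None:
                continue
            # constant-time compare, so response timing does not leak how many
            # leading characters of a guessed value were right
            if hmac.compare_digest(stored, digest):
                if rec["expires"] is not None and self._now() > rec["expires"]:
                    self.logout(username)   # idle session has expired; drop it
                    return None
                return username
        return None

    def logout(self, username: str) -> None:
        self._users[username]["hiddenval"] = None
        self._users[username]["expires"] = None


if __name__ == "__main__":
    store = SessionStore()
    store.add_user("olin")
    cookie = store.login("olin", keep_logged_in=True)
    print("cookie value:", cookie)
    print("lookup(cookie) ->", store.lookup(cookie))
    print("lookup('guess') ->", store.lookup("guess"))
```

Because a new token is issued on every login, a second login from elsewhere invalidates the earlier cookie; if concurrent sessions are wanted, the store would hold several digests per user instead of one. secrets.token_urlsafe already returns a URL-safe Base64 string, so no further Base64 step is needed for the cookie, and encoding adds nothing to its secrecy either way: the protection comes from the 256 random bits and the server-side lookup, which is the point of Olin's suggestion.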
