Re: [WebDNA] Encode cookies ONLY via "method=Base64"
This WebDNA talk-list message is from 2012
It keeps the original formatting.
numero = 109287
interpreted = N
texte = On 2012-07-13, at 3:19 AM, Stuart Tremain wrote:

> Almost 4 years on and the only encryption/decryption that you can do with cookies is method=Base64, and I have just spent 2 days proving it :(
>
> Thinking of opening a liquor store ..... problem is it may be like Dracula in charge of the Blood Bank

Luke! Don't give in ... to the Dark Side. ;-)

If you are working on your authentication system - I don't think you don't need to encrypt cookies for that anyway... just make a cookie that holds a plain text (cart #) sessionID... which points to a session record in a session db.. or else points to a sessionID in the user's record in the custom users' db. Make every protected page check the cookie.. which looks up the user record and sees if the session has expired, and if it comes from a login that passed back when you checked the input user/pass (within say the last 30 mins.). Hacking would require someone to not only guess the exact cart string, but that cart string *in association with that exact username/pass/session*.

I can hand you the auth. module I built like this some years ago.. let me know.

-Govinda
Govinda
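
The session-lookup scheme described in the message above, sketched in Python as an added example (it is not code from the message or from the auth module it mentions). It assumes an in-memory dict in place of the session db, a random token from `secrets` in place of the WebDNA cart number, and the hypothetical names `SessionStore`, `make_user` and `SESSION_TTL`.

```python
import hashlib
import secrets
import time

SESSION_TTL = 30 * 60  # seconds; the "last 30 mins" window from the message


def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


def make_user(password):
    """Build a (salt, hash) users-db record; constructed sample data only."""
    salt = secrets.token_bytes(16)
    return salt, _hash(password, salt)


class SessionStore:
    """In-memory stand-in (assumption) for the session db in the message."""

    def __init__(self, users, now=time.time):
        self._users = users      # username -> (salt, password hash)
        self._sessions = {}      # session_id -> (username, login_time)
        self._now = now          # injectable clock so expiry can be tested

    def login(self, username, password):
        """Check user/pass; on success return the value to put in the cookie."""
        record = self._users.get(username)
        if record is None:
            return None
        salt, expected = record
        if not secrets.compare_digest(expected, _hash(password, salt)):
            return None
        session_id = secrets.token_urlsafe(32)  # opaque: carries no user data
        self._sessions[session_id] = (username, self._now())
        return session_id

    def check(self, cookie_value):
        """Run on every protected page: return the username, or None."""
        record = self._sessions.get(cookie_value)
        if record is None:
            return None                          # unknown or guessed ID
        username, login_time = record
        if self._now() - login_time > SESSION_TTL:
            del self._sessions[cookie_value]     # expired: drop the record
            return None
        return username
```

Because the cookie holds only the lookup key, there is nothing in it to encrypt; all session state stays in the server-side record.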