Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses

Answer: Security: Cookies vs HTTP authentication

by vaevictus (Pilgrim)
on Sep 02, 2000 at 01:01 UTC ( #30808=categorized answer: print w/replies, xml ) Need Help??

Q&A > CGI programming > Security: Cookies vs HTTP authentication - Answer contributed by vaevictus

cookies and HTTP authentication are not really very secure either of them... you can always hack around their code... and it's sniffable.

HTTPS is much better...

To elaborate more, cookies are not any form of authentication, inherently, because they're just client stored variables. Anyone can have them, edit them and change them. You could encode some sort of key and try try to keep track of the users' sessions or just the users themselves. You are still going to have to do some sort of login technique. If I'm not mistaken, HTTP authentication sets cookies anyway.

If you're worried about "security" you'll need to subdivide "security" by what you're worried about. If you need to be sure that a user says he's who he is, you'll need to use some sort of cryptography and authentication technique. If you're going to have content that 3rd parties cannot see, you'll have to invest some time and/or money or both into HTTPS. If you're worried about someone rooting your box, you'll have to be very careful with your scripts, global variables, and even your webserver setup and version.

Security is not a goal, it is a way of Life.

  • Comment on Answer: Security: Cookies vs HTTP authentication
Log In?

What's my password?
Create A New User
[choroba]: Hey
[Discipulus]: all is well.. flying home
[Eily]: if I had a flying home I would be rather concerned I think

How do I use this? | Other CB clients
Other Users?
Others wandering the Monastery: (9)
As of 2018-02-21 17:31 GMT
Find Nodes?
    Voting Booth?
    When it is dark outside I am happiest to see ...

    Results (285 votes). Check out past polls.