http://www.perlmonks.org?node_id=354702


in reply to Crypt::CBC and verifying passwords

You really should know that storing passwords client side in a cookie is a bad idea. Encrypt and compare baby, all the way, SERVER side.

Replies are listed 'Best First'.
Re: Re: Crypt::CBC and verifying passwords
by geektron (Curate) on May 19, 2004 at 18:05 UTC
    i'm aware that (unencrypted) almost anything in a cookie is a Bad Idea ™, but without rearchitecting this whole application, i'm stuck with encrypted cookies.

    encrypted in cookie, decrypted and compared server side.