PerlMonks
Re: Two-Way Password Encryption
by Abigail-II (Bishop) on May 07, 2003 at 14:58 UTC ( [id://256226]=note )
Note that if you store something in a cookie, and all that's
required for authentication is to echo back what's in the cookie,
it hardly matters whether you store an encrypted password or
a random number. You will be vulnerable to session hijacking.
Someone able to snoop the connection between the client and the
server can intercept the cookie, and hence pretend to be the
person that is logged in.

You might want to consider using an encrypted channel instead.

Abigail
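
Added example, not part of Abigail-II's post: a small Perl check that reports whether an authentication cookie can cross the network unencrypted, judged only by the scheme it was issued over and its Secure attribute. The cookie names, the placeholder values and the sample responses are constructed for illustration, and the function names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Split one Set-Cookie header value into its name and lower-cased attributes.
sub parse_set_cookie {
    my ($header) = @_;
    my ($pair, @attrs) = split /\s*;\s*/, $header;
    my ($name) = split /=/, (defined $pair ? $pair : ''), 2;
    my %attr;
    for my $item (@attrs) {
        next unless length $item;            # tolerate ";;" in the header
        my ($key, $val) = split /=/, $item, 2;
        $attr{ lc($key) } = defined $val ? $val : 1;
    }
    return { name => $name, attr => \%attr };
}

# Reasons this cookie can travel in cleartext. The value is never inspected:
# whatever it holds, echoing it back is what authenticates the client.
sub cleartext_exposure {
    my ($scheme, $header) = @_;
    my $cookie = parse_set_cookie($header);
    my @why;
    push @why, 'issued over plain HTTP' if lc($scheme) ne 'https';
    push @why, 'no Secure attribute, so the browser also sends it over http://'
        unless $cookie->{attr}{secure};
    return ($cookie->{name}, @why);
}

# Constructed sample responses: [scheme of the response, Set-Cookie value].
my @samples = (
    [ 'http',  'auth=ENCRYPTED-PASSWORD-PLACEHOLDER; Path=/' ],
    [ 'http',  'sid=RANDOM-TOKEN-PLACEHOLDER; Path=/' ],
    [ 'https', 'sid=RANDOM-TOKEN-PLACEHOLDER; Path=/' ],
    [ 'https', 'sid=RANDOM-TOKEN-PLACEHOLDER; Path=/; Secure' ],
);

for my $sample (@samples) {
    my ($scheme, $header) = @$sample;
    my ($name, @why) = cleartext_exposure($scheme, $header);
    printf "%-5s %-4s %s\n", $scheme, $name,
        @why ? 'EXPOSED: ' . join('; ', @why) : 'ok: confined to HTTPS';
}
```

The first two samples get the same finding although one carries an encrypted password and the other a random token; only the last one, issued over HTTPS with Secure set, stays on the encrypted channel.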