Re: Link Issue


Perl: the Markov chain saw
	PerlMonks

Re: Link Issue

by dirac (Beadle)

on Jul 08, 2005 at 15:42 UTC ( [id://473456]=note: print w/replies, xml )

Need Help??

in reply to Link Issue

You can encrypt it with MD5

#!/usr/bin/perl -w
use strict;

use Digest::MD5 qw(md5_hex md5_base64);

my $user = "User";
my $passwd = md5_hex("mypassword"); 
print $passwd,"\n"; 
print "<a href='login.pl?user=$user&passwd=$passwd'>all_names</a>\n";

my $storedPasswd = "mypassword";
my $digestStored = md5_hex($storedPasswd);

print "Passwd OK\n" if $digestStored eq $passwd;

Comment on Re: Link Issue

Replies are listed 'Best First'.
Re^2: Link Issue by sgifford (Prior) on Jul 08, 2005 at 18:41 UTC
The problem with this scheme is that, although you've hidden the password, you've made the MD5 of the password equivalent to the password for your application. For example, if I sniff or shoulder-surf a session from this user and see that they're using `user=sgifford&passwd=MD5ENCODEDSTRING`, then I can simply log on to your system by sending these same parameters, even though I don't know the password. You really want to consider using sessions here, or just putting the username and password in hidden form fields to protect them from shoulder-surfing, and using SSL to protect them across the network.	[reply] [d/l]
Re^2: Link Issue by Anonymous Monk on Jul 08, 2005 at 16:21 UTC
Thanks, I think that using MD5 will do the trick.	[reply]

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://473456]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others learning in the Monastery: (5)

As of 2024-04-19 02:07 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found