Re: CGI::Session and sensitive data


Welcome to the Monastery
	PerlMonks

Re: CGI::Session and sensitive data

by moritz (Cardinal)

on May 16, 2012 at 18:48 UTC ( [id://970891]=note: print w/replies, xml )

Need Help??

in reply to CGI::Session and sensitive data

A more secure way is to ask the user for the password whenever the API key is needed. But of course that's annoying.

If it's the database you worry about, you could always store the sessions data outside the database (in memory or flat files).

But in the end your application needs the API key in plain text, so if a potential attacker gets a certain access level to your application, he will gain access to the API key too.

Perl 6 - the future is here, just unevenly distributed

Comment on Re: CGI::Session and sensitive data

In Section Seekers of Perl Wisdom

Domain Nodelet^?

www.com | www.net | www.org

Node Status^?

node history
Node Type: note [id://970891]
help

Chatterbox^?

How do I use this? • Last hour • Other CB clients

Other Users^?

Others perusing the Monastery: (5)

As of 2024-04-19 13:49 GMT

Sections^?

Information^?

Find Nodes^?

Leftovers^?

Today I Learned

Voting Booth^?

No recent polls found