FUDforum
Fast Uncompromising Discussions. FUDforum will get your users talking.

Home » Imported messages » comp.lang.php » Best practice, (secure), to save session data?
Show: Today's Messages :: Polls :: Message Navigator
Return to the default flat view Create a new topic Submit Reply
Re: Best practice, (secure), to save session data? [message #178407 is a reply to message #178406] Fri, 15 June 2012 07:46 Go to previous messageGo to previous message
Chris Davies is currently offline  Chris Davies
Messages: 6
Registered: June 2012
Karma:
Junior Member
>> 2. If you encrypt the data into the cookie using a secret known only to
>> the website then at least someone has to go to the bother of trying to
>> brute force the data string, but they have as much time as they like to
>> do so. Password security.
>>

Jerry Stuckle <jstucklex(at)attglobal(dot)net> wrote:
> Incorrect. They don't need to break the string. All they have to do is
> send the cookie. The server doesn't care which client the cookie came from.

No. Read what I said again, in the context of the OP's comment. He was
talking about putting the real data into the cookie.

Chris
[Message index]
 
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Read Message
Previous Topic: Stats comp.lang.php (last 7 days)
Next Topic: Is spl_object_hash unique in the SQL sense? Can it be used as a unique SQL db column?
Goto Forum:
  

-=] Back to Top [=-
[ Syndicate this forum (XML) ] [ RSS ]

Current Time: Tue Nov 26 23:06:56 GMT 2024

Total time taken to generate the page: 0.04391 seconds