  1. #1
    if($awake){code();} PHP John's Avatar
    Join Date
    Jul 2002
    Location
    Along the Wasatch Fault line.
    Posts
    1,771
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Cookies, usernames, and passwords

    When a cookie is sent to the client, is the data encrypted, or do I need to do that?
    John

  2. #2
    Happy Holidays !! Paul S's Avatar
    Join Date
    Mar 2001
    Location
    Mexico
    Posts
    1,287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, it is not encrypted, it is plain text (that's why they are not secure). Usually what you do is use a non-decrypting method; check this mini tutorial: http://www.sitepointforums.com/showt...threadid=76471

    Paul

  3. #3
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    No, cookies are sent plaintext.... Take a look at some of the cookies in your Temporary Internet Folder.

  4. #4
    if($awake){code();} PHP John's Avatar
    Join Date
    Jul 2002
    Location
    Along the Wasatch Fault line.
    Posts
    1,771
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So would you encrypt it BEFORE sending it out with the cookie? And then when the client returns to the site, take the cookie data, compare it to the db without encrypting anything else, and then automatically log them in?
    Is that about as secure as it gets? Or is there a better way?
    John

  5. #5
    chown linux:users\ /world Hartmann's Avatar
    Join Date
    Aug 2000
    Location
    Houston, TX, USA
    Posts
    6,455
    Mentioned
    11 Post(s)
    Tagged
    0 Thread(s)
    Yes, that would be the way to do it. I wouldn't use cookies though; sessions would be better since cookies are deprecated in PHP4.2

  6. #6
    if($awake){code();} PHP John's Avatar
    Join Date
    Jul 2002
    Location
    Along the Wasatch Fault line.
    Posts
    1,771
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm using sessions, but I want my clients to be able to come to the site and not have to go through the log in process in order to access the information. I thought that cookies would allow me to do that, like here on SitePoint. I don't have to log in every time I come to the site to post a message.

    How would you go about doing that, or will it eventually become obsolete?
    John

  7. #7
    Happy Holidays !! Paul S's Avatar
    Join Date
    Mar 2001
    Location
    Mexico
    Posts
    1,287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Hartmann
    Yes, that would be the way to do it. I wouldn't use cookies though; sessions would be better since cookies are deprecated in PHP4.2
    I second that

    Paul

  8. #8
    if($awake){code();} PHP John's Avatar
    Join Date
    Jul 2002
    Location
    Along the Wasatch Fault line.
    Posts
    1,771
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So, HOW can sessions do that? I am using user defined session functions that store session information in a database.
    John

  9. #9
    Happy Holidays !! Paul S's Avatar
    Join Date
    Mar 2001
    Location
    Mexico
    Posts
    1,287
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by PHP John
    I'm using sessions, but I want my clients to be able to come to the site and not have to go through the log in process in order to access the information. I thought that cookies would allow me to do that, like here on SitePoint. I don't have to log in every time I come to the site to post a message.

    How would you go about doing that, or will it eventually become obsolete?
    In that case you have to use cookies; it all depends on how sensitive the information on your site is.

    Paul

  10. #10
    if($awake){code();} PHP John's Avatar
    Join Date
    Jul 2002
    Location
    Along the Wasatch Fault line.
    Posts
    1,771
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So, how do sessions do the job of cookies? Are they stored on the client's computer, like cookies are now?

    (this is new territory for me)
    John

  11. #11
    SitePoint Guru dragonhawk's Avatar
    Join Date
    Apr 2002
    Location
    Melbourne
    Posts
    707
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I'm curious to know too...

    Let's say, if I set a cookie on the client's computer in plain text, how is that a security risk unless the client is on a shared computer or unless someone outside manages to get into the computer to view all the cookies?

    On the second point, is it possible to set up a firewall to stop people from browsing through the cookies on your site? Or is there a way around it?

  12. #12
    SitePoint Member
    Join Date
    Sep 2002
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Use cookies and encrypt them with md5 or something like that.

  13. #13
    SitePoint Wizard Mincer's Avatar
    Join Date
    Mar 2001
    Location
    London | UK
    Posts
    1,140
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally posted by Hartmann
    Yes, that would be the way to do it. I wouldn't use cookies though; sessions would be better since cookies are deprecated in PHP4.2
    What?

    Cookies and sessions are not one and the same, and I don't think that cookies are deprecated. Where are you getting this information?

  14. #14
    Hi there! Owen's Avatar
    Join Date
    Jan 2000
    Location
    CA
    Posts
    1,165
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, I think they were exaggerating. They meant that when storing data for only one session you shouldn't use cookies, but sessions, since they are more secure and easier to use. But for data that needs to be stored for a long time (such as a visit counter) then cookies are the only way to do it.

    Owen

