Re: [PHP] Information on Cookies

2008-10-19 Thread Ashley Sheridan
On Sun, 2008-10-19 at 19:12 -0500, Micah Gersten wrote:
> Don't use cookies, use sessions.
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
> Ben Stones wrote:
> > I've read a few videos on cookie security and it makes sense that people can
>

Re: [PHP] Information on Cookies

2008-10-19 Thread Micah Gersten
Don't use cookies, use sessions.

Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com

Ben Stones wrote:
> I've read a few videos on cookie security and it makes sense that people can
> modify cookie values which is a problem I'm trying to figure out to *try*
> and

Re: [PHP] Information on Cookies

2008-10-15 Thread Yeti
> You encrypt stuff with a string that you keep secret. That string is needed
> to decrypt the string.

I recommend you change that string once in a while.

Re: [PHP] Information on Cookies

2008-10-15 Thread Eric Gorr
On Oct 15, 2008, at 1:21 PM, Yeti wrote: You encrypt stuff with a string that you keep secret. That string is needed to decrypt the string. I recommend you change that string once in a while. Also, picking up a copy of: Essential PHP Security by Chris Shiflett # ISBN-10: 059600656X # ISBN-

Re: [PHP] Information on Cookies

2008-10-15 Thread Stut
On 15 Oct 2008, at 18:21, Yeti wrote: You encrypt stuff with a string that you keep secret. That string is needed to decrypt the string. I recommend you change that string once in a while. That's never a bad idea with any secret token, but bear in mind that when you do all existing cookies

Re: [PHP] Information on Cookies

2008-10-15 Thread Ben Stones
Makes perfect sense. I have included this security in my script - thanks to both of you for your help!

Cheers!

2008/10/15 Stut <[EMAIL PROTECTED]>
> On 15 Oct 2008, at 16:04, Ben Stones wrote:
>
>> Can you explain to me the benefits of hashing/encrypting/md5'ing cookie
>> values? I don't see how

Re: [PHP] Information on Cookies

2008-10-15 Thread Stut
On 15 Oct 2008, at 16:04, Ben Stones wrote: Can you explain to me the benefits of hashing/encrypting/md5'ing cookie values? I don't see how it'd stop hackers from changing cookie values? You encrypt stuff with a string that you keep secret. That string is needed to decrypt the string. Wh

Re: [PHP] Information on Cookies

2008-10-15 Thread Ian
On 15 Oct 2008 at 16:04, Ben Stones wrote:
> Can you explain to me the benefits of hashing/encrypting/md5'ing cookie
> values? I don't see how it'd stop hackers from changing cookie values?

Hi,

You would keep a copy of the hash on the server and check that against the submitted value. If they

[PHP] Information on Cookies

2008-10-15 Thread Ben Stones
I've read a few videos on cookie security and it makes sense that people can modify cookie values which is a problem I'm trying to figure out to *try* and prevent. What I'll first do is at the top of the page that validates if the cookie values is in the database, but what my next problem is they'd

Re: [PHP] Information on Cookies

2008-10-15 Thread Ben Stones
Can you explain to me the benefits of hashing/encrypting/md5'ing cookie values? I don't see how it'd stop hackers from changing cookie values?

2008/10/15 Stut <[EMAIL PROTECTED]>
> On 15 Oct 2008, at 15:23, Ben Stones wrote:
>
>> I've read a few videos on cookie security and it makes sense that

Re: [PHP] Information on Cookies

2008-10-15 Thread Stut
On 15 Oct 2008, at 15:23, Ben Stones wrote: I've read a few videos on cookie security and it makes sense that people can modify cookie values which is a problem I'm trying to figure out to *try* and prevent. What I'll first do is at the top of the page that validates if the cookie values is