Ryan Davis wrote:
>
> First of all, thanks for the quick response. This application isn't in use
> yet, so now is the time to make security changes.
>
> A few questions/let me see if I'm following you:
>
> A user enters their password, I create the digest, and store the digest as a
> cookie. This is secure since you can't recreate the digest without knowing
> $rand.
>
> When they change pages (states in the script) the CGI reads the cookie, and
> converts the digest to password, and verifies it?
>
> How is the conversion from digest to password done? I checked my docs, and they
> don't say anything about getting the message _out_ of digest form.
>
> Thanks,
> Ryan
>
What you do is take the password on the system and digest it again.
Then do the compare.
Or at least that's what I remember from reading the security section of "CGI
Programming with Perl", though I may be wrong.
Matt
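
The re-digest-and-compare step described in the reply above, as an added Perl example that is not code from the thread. It assumes the digest is HMAC-SHA256 keyed with $rand (the thread does not say which digest is used); the user store, sample password and helper names are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(hmac_sha256_hex);

# Constructed sample data: a server-side secret standing in for $rand, and a
# hypothetical user store holding the password kept "on the system".
my $rand = 'constructed-server-secret-7f3a';
my %password_for = (ryan => 'correct horse');

# Digest of the password keyed with $rand. It is one-way: nothing ever
# converts it back into the password.
sub make_digest {
    my ($password) = @_;
    return hmac_sha256_hex($password, $rand);
}

# Compare two strings without stopping at the first differing character,
# so response timing does not reveal how much of a guess matched.
sub constant_time_eq {
    my ($x, $y) = @_;
    return 0 if length($x) != length($y);
    my $diff = 0;
    $diff |= ord(substr($x, $_, 1)) ^ ord(substr($y, $_, 1))
        for 0 .. length($x) - 1;
    return $diff == 0 ? 1 : 0;
}

# On every request: digest the stored password again, then compare the
# result with the digest that came back in the cookie.
sub cookie_is_valid {
    my ($user, $cookie_digest) = @_;
    return 0 unless defined $cookie_digest && exists $password_for{$user};
    return constant_time_eq(make_digest($password_for{$user}), $cookie_digest);
}

# Login: the digest of the entered password becomes the cookie value.
my $cookie = make_digest('correct horse');

print "valid cookie:    ", cookie_is_valid('ryan', $cookie), "\n";
print "tampered cookie: ", cookie_is_valid('ryan', 'a' x 64), "\n";
print "unknown user:    ", cookie_is_valid('mallory', $cookie), "\n";
```

The cookie value is itself replayable by anyone who captures it for as long as $rand stays the same, so it needs the same protection in transit as the password.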