> Still a little bit confused;
> So what if someone just creates an HTML with a hidden field containing any
> "login:time" plus another hidden with MD5 hash made out of his own
> IP+login+time and submits it?
Then they just bypassed your security :) The thing is that you take a
string built out of
mario kulka wrote:
> Hi,
> I guess I'm lost again on this topic:(
> I'm basically trying the following:
> User logs in -> then he has a choice:
> 1. enter new record
> 2. edit old one
> Once taken to those new pages I somehow must keep the fact that he already
> logged in and at the same time forb
y combinations, but if the secret_word (or
number) is short; isn't easy to find it?
Mariusz
From: "Jenda Krynicky" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: Re: session ID
Date: Thu, 13 Feb 2003 00:37:38 +0100
From: "mario kulka" <[EMAIL PR
mario kulka wrote:
The only reason I would think it would be hard to do is for someone to
guess that the hash was made of his IP and not something else.
Using the IP may be a very bad idea as it is *not* necessarily
reproducible. For instance someone coming from a large company may be
using
From: "mario kulka" <[EMAIL PROTECTED]>
> Still a little bit confused;
> So what if someone just creates an HTML with a hidden field containing
> any "login:time" plus another hidden with MD5 hash made out of his own
> IP+login+time and submits it? According to your explanation I
> understood that
hash).
Thanks for further explanations,
Mariusz
From: Bernhard van Staveren <[EMAIL PROTECTED]>
To: "mario kulka" <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED]
Subject: Re: session ID
Date: Wed, 12 Feb 2003 18:46:27 +0100
On Wed, 12 Feb 2003 17:07:16 +
"mario kulk
On Wed, 12 Feb 2003 17:07:16 +
"mario kulka" <[EMAIL PROTECTED]> wrote:
>
> Hi,
> I guess I'm lost again on this topic:(
> I'm basically trying the following:
> User logs in -> then he has a choice:
> 1. enter new record
> 2. edit old one
> Once taken to those new pages I somehow must keep th
> -Original Message-
> From: Mariusz K [mailto:[EMAIL PROTECTED]]
> Sent: Monday, September 09, 2002 3:19 PM
> To: [EMAIL PROTECTED]
> Subject: session id
>
>
> Hi:)
> I want to be able to track the user as he goes from one pae
> to another. I
> heard that sessionID are used for that p
http://www.perldoc.com/perl5.6.1/lib/CGI.html
should get you what you need..
-G
On Mon, 09 Sep 2002 19:18:43 +
Mariusz K <[EMAIL PROTECTED]> wrote:
> Hi:)
> I want to be able to track the user as he goes from one pae to another. I
> heard that sessionID are used for that purpose. I was t
I usually use Session::Apache for that. It will allow for the creation of
session ID's, storing data, and retreival of data. You will need to set up
a table in a database, and then put some code in each page to fetch the
session ID from the querystring or cookie so that it can initialize the
ses
10 matches
Mail list logo
