Re: [PHP] Information on Cookies

2008-10-19 Thread Ashley Sheridan
On Sun, 2008-10-19 at 19:12 -0500, Micah Gersten wrote:
> Don't use cookies, use sessions.
>
> Thank you,
> Micah Gersten
> onShore Networks
> Internal Developer
> http://www.onshore.com
>
> Ben Stones wrote:
> > I've read a few videos on cookie security and it makes sense that people can
>

Re: [PHP] Information on Cookies

2008-10-19 Thread Micah Gersten
Don't use cookies, use sessions.
Thank you,
Micah Gersten
onShore Networks
Internal Developer
http://www.onshore.com
Ben Stones wrote:
> I've read a few videos on cookie security and it makes sense that people can
> modify cookie values which is a problem I'm trying to figure out to *try*
> and

Re: [PHP] Information on Cookies

2008-10-15 Thread Yeti
> You encrypt stuff with a string that you keep secret. That string is needed
> to decrypt the string.
I recommend you change that string once in a while.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Information on Cookies

2008-10-15 Thread Eric Gorr
On Oct 15, 2008, at 1:21 PM, Yeti wrote:
> You encrypt stuff with a string that you keep secret. That string is needed to decrypt the string. I recommend you change that string once in a while.
Also, picking up a copy of: Essential PHP Security by Chris Shiflett # ISBN-10: 059600656X # ISBN-

Re: [PHP] Information on Cookies

2008-10-15 Thread Stut
On 15 Oct 2008, at 18:21, Yeti wrote:
> You encrypt stuff with a string that you keep secret. That string is needed to decrypt the string. I recommend you change that string once in a while.
That's never a bad idea with any secret token, but bear in mind that when you do all existing cookies

Re: [PHP] Information on Cookies

2008-10-15 Thread Ben Stones
Makes perfect sense. I have included this security in my script - thanks to both of you for your help!
Cheers!
2008/10/15 Stut <[EMAIL PROTECTED]>
> On 15 Oct 2008, at 16:04, Ben Stones wrote:
>
>> Can you explain to me the benefits of hashing/encrypting/md5'ing cookie
>> values? I don't see how

Re: [PHP] Information on Cookies

2008-10-15 Thread Stut
On 15 Oct 2008, at 16:04, Ben Stones wrote:
> Can you explain to me the benefits of hashing/encrypting/md5'ing cookie values? I don't see how it'd stop hackers from changing cookie values?
You encrypt stuff with a string that you keep secret. That string is needed to decrypt the string. Wh

Re: [PHP] Information on Cookies

2008-10-15 Thread Ian
On 15 Oct 2008 at 16:04, Ben Stones wrote:
> Can you explain to me the benefits of hashing/encrypting/md5'ing cookie
> values? I don't see how it'd stop hackers from changing cookie values?
Hi,
You would keep a copy of the hash on the server and check that against the submitted value. If they

Re: [PHP] Information on Cookies

2008-10-15 Thread Ben Stones
Can you explain to me the benefits of hashing/encrypting/md5'ing cookie values? I don't see how it'd stop hackers from changing cookie values?
2008/10/15 Stut <[EMAIL PROTECTED]>
> On 15 Oct 2008, at 15:23, Ben Stones wrote:
>
>> I've read a few videos on cookie security and it makes sense that

Re: [PHP] Information on Cookies

2008-10-15 Thread Stut
On 15 Oct 2008, at 15:23, Ben Stones wrote:
> I've read a few videos on cookie security and it makes sense that people can modify cookie values which is a problem I'm trying to figure out to *try* and prevent. What I'll first do is at the top of the page that validates if the cookie values is