[nycphp-talk] Secure Data
Analysis & Solutions
danielc at analysisandsolutions.com
Thu Jul 17 11:39:43 EDT 2003
Hi Rudy:

On Thu, Jul 17, 2003 at 11:17:12AM -0400, Rudy Gamberini wrote:
> I've used MD5 hash function to encrypt passwords I store in cookies

This is a BAD idea for security. This permits hijacking through someone
sneaking time at the person's computer, a cross-site scripting
vulnerability or exploitation of browser bugs.

> but that approach would not work here. I need to hold the key locally,
> meaning on a machine outside the web-server that will be able to decrypt the
> information after retrieving it.

http://us3.php.net/manual/en/ref.mcrypt.php

--Dan
--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E   A N A L Y S I S   A N D   S O L U T I O N S   C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409
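
The hijacking risk raised in the reply above, as an added example that is not part of the original message or of either poster's code: a cookie holding md5(password) is a fixed credential that cannot expire or be withdrawn without a password change, while a random token tracked on the server can. All function names, the in-memory `$sessions` store, the user name, password and timestamp are constructed for illustration.

```php
<?php
// Added illustration. Names and sample values are constructed, not from the thread.

// Pattern from the quoted message: the cookie carries md5(password).
function legacy_cookie_value(string $password): string {
    return md5($password);
}
function legacy_check(string $cookie, string $storedMd5): bool {
    // The hash itself is the credential: whoever presents it is accepted,
    // and it stays the same until the password changes.
    return hash_equals($storedMd5, $cookie);
}

// Alternative: an unguessable token; the server keeps only its hash and an expiry.
function issue_token(array &$sessions, string $user, int $now, int $ttl = 1800): string {
    $token = bin2hex(random_bytes(32));
    $sessions[hash('sha256', $token)] = ['user' => $user, 'expires' => $now + $ttl];
    return $token;
}
function check_token(array $sessions, string $token, int $now): ?string {
    $key = hash('sha256', $token);
    if (!isset($sessions[$key]) || $sessions[$key]['expires'] < $now) {
        return null; // unknown, revoked or expired
    }
    return $sessions[$key]['user'];
}
function revoke_token(array &$sessions, string $token): void {
    unset($sessions[hash('sha256', $token)]);
}

$now    = 1058456383;                      // constructed timestamp
$stored = md5('constructed-password');     // what the server would compare against
$copied = legacy_cookie_value('constructed-password'); // value read off the browser

// The legacy check has no time or revocation input, so a copied value keeps working.
var_dump(legacy_check($copied, $stored));

$sessions = [];
$token = issue_token($sessions, 'rudy', $now);
var_dump(check_token($sessions, $token, $now + 60));    // inside the lifetime
var_dump(check_token($sessions, $token, $now + 3600));  // past the lifetime
revoke_token($sessions, $token);                        // e.g. on logout
var_dump(check_token($sessions, $token, $now + 60));    // after revocation
```

A copied token still works until it expires or is revoked, so this limits the exposure window rather than removing the theft vectors listed in the reply.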