#1
saving login details
I've just created a members area for my web site case-extreme.com, but I was just wanting your opinion on saving the details in cookies, so the visitor doesn't have to sign in on every visit?
I was thinking about saving the username and password, each in a separate cookie (encrypted with md5 or something), then checking to see if the cookie was set, and checking the details against the database. Does this sound OK? Can you think of any security flaws that may happen? I want to make my site as user friendly as possible without compromising on its security.
#2
well..
as long as they are encrypted... MD5 is one way encryption tho...
__________________
Regards, James Yang .NET Developer / Network Engineer MCSE, MCDBA, MCSA, CCNA http://www.yellowpin.com/ http://www.opentechsupport.com/
#3
|
|||
|
|||
|
I'll probably do a combo of md5 and base64 + my own basic encrypt method, so it will be like a 1 in 1,000,000,000,000,000,000,000 of hacking it.
#4
The prob is, Ben,
you can't use the stored password to log them in, because it's encrypted, and to compare it with the pass you need to decrypt it, but it's one way, so you can't decrypt it.
#5
quick reply eheheh
Anyway, you've kind of got the point. I don't need to decrypt it though; what I can do is apply the same encrypt method to the database password and compare the two together. Basically you have something like this:

```php
$cookievariable = md5(md5(md5(md5(md5($cookievariable)))));
$databasevariable = md5(md5(md5(md5(md5($databasevariable)))));
if ($cookievariable === $databasevariable) {
    // is true, create login details
} else {
    // login fail
}
```

You get what I mean by this?
#6
What's the difference between storing the password with no encryption and with encryption?
#7
you mean as a cookie or in the database?
#8
in the cookie
#9
How about
storing the session id? Then check if the session is alive or dead, and make them re-authenticate when it is dead.
#10
I use cookies to save the user's status on Got Lag. No one has reported having been hacked and no one has hacked our admin area.
__________________
"Only Linux users see the end of crashes." - Pl4t0
#11
Also, I do what James said: the cookie stores their session id and checks if their session id has been logged in; if not, make them relog in.
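
The session-cookie approach suggested in posts #9 and #11, as an added example (not code from any poster in this thread): the cookie carries a random token instead of anything derived from the password, and the server keeps only a digest and an expiry. The names `issueToken`, `checkToken`, `$store` and the 14-day lifetime are assumptions; `$store` stands in for a database table.

```php
<?php
// Added example; all names here are hypothetical.
const TOKEN_LIFETIME = 1209600; // 14 days, an assumed value

// Create a random login token; only its SHA-256 digest is kept server-side,
// so a leaked table does not yield usable cookie values.
function issueToken(array &$store, int $userId, int $now): string
{
    $selector = bin2hex(random_bytes(8));   // lookup key, not secret
    $secret   = bin2hex(random_bytes(32));  // never stored in clear
    $store[$selector] = [
        'user_id' => $userId,
        'digest'  => hash('sha256', $secret),
        'expires' => $now + TOKEN_LIFETIME,
    ];
    return $selector . ':' . $secret;       // value to place in the cookie
}

// Return the user id for a live token, or null so the caller forces a re-login.
function checkToken(array &$store, string $cookie, int $now): ?int
{
    $parts = explode(':', $cookie, 2);
    if (count($parts) !== 2 || !isset($store[$parts[0]])) {
        return null;
    }
    $row = $store[$parts[0]];
    // hash_equals compares in constant time and without type juggling.
    $ok = hash_equals($row['digest'], hash('sha256', $parts[1]));
    if (!$ok || $row['expires'] < $now) {
        unset($store[$parts[0]]);           // dead or tampered: drop the entry
        return null;
    }
    return $row['user_id'];
}

// Constructed demo run with an in-memory store.
$store  = [];
$now    = time();
$cookie = issueToken($store, 42, $now);
// In a web request the value would be sent with:
// setcookie('login', $cookie, ['expires' => $now + TOKEN_LIFETIME,
//     'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax']);
var_dump(checkToken($store, $cookie, $now));                       // fresh cookie
var_dump(checkToken($store, $cookie, $now + TOKEN_LIFETIME + 1));  // past expiry
var_dump(checkToken($store, $cookie, $now));                       // entry dropped above
```

Because the token is unrelated to the password, it can be revoked server-side without a password change, and a stolen cookie never exposes a password hash.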
#12
war angel any sample code would be helpful too
#13
If you can wait, I'm going to be writing an article on creating a members area with session and a database.
#14
Ben, that sounds fine. That's really the best you can do... and storing them in separate cookies is also a good idea. I used an encryption method on a site that used 2 cookies for the password and 1 of course for the username. It was something like... md5(password)*md5(password)+md5(password) = cookie1 and md5(password)/md5(password)+md5(password) = cookie2, and cookie1 + cookie2 = what was in the db, hehe.
#15
Quote:
can wait ! .. Thanks
__________________
Hungry for Code Programming works best with a team over one single person
Viewing: Dev Articles Community Forums > Programming > General Programming Help > saving login details