>>As an added measure of security you
can encrypt the cookie with the IP address as the key...<<

If you're using the user's IP address, you'll likely get a surprise. Some
proxy servers, most notably AOL's, will rotate through several IP addresses
in a single session. The worst I've seen so far was an AOL user whose
requests came from 15 different IP addresses in 15 consecutive requests.

Michael J. Sheldon
Internet Applications Developer
Phone: 480.699.1084
http://www.desertraven.com/
PGP Key Available on Request

-----Original Message-----
From: Howie Hamlin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, May 16, 2000 17:49
To: [EMAIL PROTECTED]
Subject: Re: "You have nice cookies .. mind if I have a look?"



----- Original Message -----
From: John Allred <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Tuesday, May 16, 2000 8:33 PM
Subject: Re: "You have nice cookies .. mind if I have a look?"


> In the page submitted by Todd:
> "The NY Times said it has rewritten its cookies code with stronger
> encryption..."
>
> Certainly no one on this list would steal anyone's cookies <grin>, but I
> didn't hear anyone mention the possibility of encrypting one's own
> cookies to protect their contents. This is possible, isn't it?
>

Yes, but the safest thing to do is to keep the client "profile" on the
server and only transmit the cookie.  As an added measure of security you
can encrypt the cookie with the IP address as the key...

Howie

> --John Allred
>
>


----------------------------------------------------------------------------
--
Archives: http://www.eGroups.com/list/cf-talk
To Unsubscribe visit
http://www.houseoffusion.com/index.cfm?sidebar=lists&body=lists/cf_talk or
send a message to [EMAIL PROTECTED] with 'unsubscribe' in
the body.
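
Added example, not part of the original thread or any poster's code: a sketch of the design discussed above (profile kept on the server, cookie carrying only an opaque identifier) and of what happens when that cookie is tied to the client IP and the requests arrive through a rotating proxy pool. It assumes an HMAC under a server-side secret as the binding, rather than encryption keyed by the IP; all names and addresses are constructed for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # server-side secret, never sent to the client
PROFILES = {}                          # session id -> profile, kept on the server


def _tag(session_id, client_ip=""):
    """MAC over the session id and, when bound, the client IP."""
    msg = f"{session_id}|{client_ip}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_cookie(profile, client_ip, bind_ip):
    """Store the profile server-side; the cookie holds only an opaque id and a MAC."""
    session_id = secrets.token_urlsafe(16)
    PROFILES[session_id] = profile
    return f"{session_id}.{_tag(session_id, client_ip if bind_ip else '')}"


def lookup(cookie, client_ip, bind_ip):
    """Return the profile if the cookie verifies for this request, else None."""
    session_id, _, tag = cookie.partition(".")
    expected = _tag(session_id, client_ip if bind_ip else "")
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return PROFILES.get(session_id)


def accepted_requests(request_ips, bind_ip):
    """Issue a cookie on the first request, then count how many requests validate."""
    cookie = issue_cookie({"user": "example"}, request_ips[0], bind_ip)
    return sum(lookup(cookie, ip, bind_ip) is not None for ip in request_ips)


# Constructed sample: one browser session whose 15 requests each leave a proxy
# pool from a different address (documentation ranges, not real hosts).
ROTATING = [f"192.0.2.{n}" for n in range(1, 16)]
STABLE = ["198.51.100.7"] * 15

if __name__ == "__main__":
    print("bound, stable IP:  ", accepted_requests(STABLE, True), "of 15")
    print("bound, rotating IP:", accepted_requests(ROTATING, True), "of 15")
    print("unbound, rotating: ", accepted_requests(ROTATING, False), "of 15")
```

With the IP bound, the legitimate user behind the rotating proxy is accepted only on the first request; without the binding every request validates, and the cookie's integrity rests on the server secret alone.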
