Still a little bit confused;
So what if someone just creates an HTML with a hidden field containing any
login:time plus another hidden with MD5 hash made out of his own
IP+login+time and submits it?
Then they just bypassed your security :) The thing is that you take a
string built out of
mario kulka wrote:
Hi,
I guess I'm lost again on this topic:(
I'm basically trying the following:
User logs in - then he has a choice:
1. enter new record
2. edit old one
Once taken to those new pages I somehow must keep the fact that he already
logged in and at the same time forbid other
On Wed, 12 Feb 2003 17:07:16 +
mario kulka [EMAIL PROTECTED] wrote:
Hi,
I guess I'm lost again on this topic:(
I'm basically trying the following:
User logs in - then he has a choice:
1. enter new record
2. edit old one
Once taken to those new pages I somehow must keep the fact that
From: mario kulka [EMAIL PROTECTED]
Still a little bit confused;
So what if someone just creates an HTML with a hidden field containing
any login:time plus another hidden with MD5 hash made out of his own
IP+login+time and submits it? According to your explanation I
understood that if my
mario kulka wrote:
The only reason I would think it would be hard to do is for someone to
guess that the hash was made of his IP and not something else.
Using the IP may be a very bad idea as it is *not* necessarily
reproducible. For instance someone coming from a large company may be
http://www.perldoc.com/perl5.6.1/lib/CGI.html
should get you what you need..
-G
On Mon, 09 Sep 2002 19:18:43 +
Mariusz K [EMAIL PROTECTED] wrote:
Hi:)
I want to be able to track the user as he goes from one pae to another. I
heard that sessionID are used for that purpose. I was
-Original Message-
From: Mariusz K [mailto:[EMAIL PROTECTED]]
Sent: Monday, September 09, 2002 3:19 PM
To: [EMAIL PROTECTED]
Subject: session id
Hi:)
I want to be able to track the user as he goes from one pae
to another. I
heard that sessionID are used for that purpose.
I usually use Session::Apache for that. It will allow for the creation of
session ID's, storing data, and retreival of data. You will need to set up
a table in a database, and then put some code in each page to fetch the
session ID from the querystring or cookie so that it can initialize the
