Whoops - sent that last one too early....

As for using cookies for authentication, this is the wrong thing(tm).

You may want to consider switching to mod_perl, so you can use something
like Apache::Session, which will let you use cookies to select sessions,
which can contain your authentication state in a far more secure manner.
[ie: only create a session when a user logs in, destroy the session when
they log out, and check for a valid session when you need to.].

Any manner in which you can store a password in a cookie immediately makes
it incredibly insecure, since that cookie will be sent in the clear for
*every* HTTP request for objects under the URL base specified in the
cookie... and you seriously can't protect a password with a simple hash if
you're using the hashed form to confirm authentication [this won't stop
people from using the hashed form to force authentication].

+-================================================-+
| Crossfire      | This message was brought to you |
| [EMAIL PROTECTED] | on 100% recycled electrons      |
+-================================================-+

> ----- Original Message -----
> From: Dean Hamstead <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Friday, December 01, 2000 9:29 PM
> Subject: [SLUG] Another Perl Question
>
>
> > I need to save username and password as a cookie on the client.
> >
> > yeah that's easy, I would like a single encrypted cookie. Doesn't
> > have to be insanely encrypted just something that's not easily
> > readable.
> >
> > (did i mention perl?)
> >
> > Dean

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug
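The two schemes contrasted in Crossfire's reply, as an added example that is not part of the thread. Python is used here as a stand-in, since the Apache::Session arrangement needs a running mod_perl; the in-memory SESSIONS dict, the USERS store, the user "dean" and the password "penguin" are all constructed for the illustration, and nothing below is Apache::Session's own API. It shows why a "username plus hashed password" cookie is replayable and crackable no matter how the server checks it, while an opaque session id created at login and destroyed at logout stops working the moment the session is gone.

```python
import hashlib
import secrets

# Constructed sample credential store (hypothetical; not from the thread).
# The server keeps username -> hex SHA-1 of the password, which is exactly
# what the naive "hashed password in the cookie" scheme needs to compare against.
USERS = {"dean": hashlib.sha1(b"penguin").hexdigest()}


def pw_digest(password):
    return hashlib.sha1(password.encode()).hexdigest()


# --- Scheme A: username and hashed password carried in the cookie ----------

def make_hashed_pw_cookie(user, password):
    """Cookie value of the form 'user:sha1hex', as the question proposes."""
    return f"{user}:{pw_digest(password)}"


def check_hashed_pw_cookie(cookie):
    """Server side: authenticate by comparing the cookie's digest to the store.

    Anyone who captured this cookie on the wire can present it verbatim;
    the server cannot tell a replay from the real user, and the cookie stays
    valid until the password itself is changed.
    """
    user, _, digest = cookie.partition(":")
    stored = USERS.get(user)
    if stored is None:
        return False
    return secrets.compare_digest(stored.encode(), digest.encode())


def crack_hashed_pw_cookie(cookie, wordlist):
    """Offline guessing against the digest exposed in the cookie.

    An unsalted, unstretched hash of a weak password falls to a wordlist;
    this is the 'simple hash' the reply warns about. Returns the password
    or None.
    """
    _, _, digest = cookie.partition(":")
    for guess in wordlist:
        if pw_digest(guess) == digest:
            return guess
    return None


# --- Scheme B: opaque session id in the cookie, state kept server side ------

# In-memory stand-in for the session store Apache::Session would keep on disk
# or in a database (hypothetical; not Apache::Session's API).
SESSIONS = {}


def login(user, password):
    """Create a session only after the password has been verified once."""
    stored = USERS.get(user)
    if stored is None or not secrets.compare_digest(stored.encode(),
                                                    pw_digest(password).encode()):
        return None
    sid = secrets.token_hex(16)      # 128-bit random id, not derived from the password
    SESSIONS[sid] = {"user": user}
    return sid


def logout(sid):
    """Destroy the session; the cookie value is useless from now on."""
    SESSIONS.pop(sid, None)


def current_user(sid):
    """Per-request check: is there a live session for this id?"""
    session = SESSIONS.get(sid)
    return session["user"] if session else None


def demo():
    """Walk through both schemes; returns a dict of observations."""
    cookie = make_hashed_pw_cookie("dean", "penguin")
    sid = login("dean", "penguin")
    logout(sid)
    return {
        "replay_accepted": check_hashed_pw_cookie(cookie),   # still True after "logout"
        "cracked": crack_hashed_pw_cookie(cookie, ["tux", "linux", "penguin"]),
        "session_after_logout": current_user(sid),            # None
    }


if __name__ == "__main__":
    print(demo())
```

Running demo() shows the hashed-password cookie still authenticating after the user has "logged out" and the password recovered from it by a three-word list, while the session id that was issued at login is rejected as soon as the session is destroyed.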