Login & Cookie Security
#4

[eluser]bretticus[/eluser]
[quote author="georgerobbo" date="1256934665"]Hello,

I have a few questions about login and cookie security.


Of course you should have all passwords in your database encrypted. However, is it possible to intercept the password or any data from a form before it is encrypted by the server?
[/quote]
Yes, this is why SSL was invented. If you can't use it, I suggest using JavaScript to hash the password with a random salt before transmitting. Also, store the result in a database so the hash token cannot be replayed.
[quote author="georgerobbo" date="1256934665"]
Secondly, when setting a cookie after a user has logged in should you do:

a cookie with a value set to true to say they are logged in

or a cookie containing a username and another containing their encrypted password / or a specific session ID?[/quote]

Just use CI sessions and be sure to turn on session encryption via the config.php file.
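One way the salted-hash-plus-replay-check idea from the reply above can be laid out, as an added example that is not part of the original post or of CodeIgniter. It assumes Node.js, uses HMAC-SHA256 as the salted hash, and every name in it (`issueChallenge`, `clientResponse`, `verifyLogin`, the `alice` account) is hypothetical.

```javascript
const { createHash, createHmac, randomBytes, timingSafeEqual } = require("node:crypto");

const sha256 = (s) => createHash("sha256").update(s, "utf8").digest("hex");

// Constructed sample account. The server keeps H(password), not the plaintext.
// Note: in this scheme the stored hash is itself a password-equivalent secret,
// and the exchange does not stop an attacker who can alter the page in transit.
const users = new Map([["alice", sha256("correct horse")]]);

// nonce -> expiry in ms; stands in for the database table of issued salts.
const issued = new Map();

// Server: hand out a fresh random salt with the login form.
function issueChallenge(now = Date.now()) {
  const nonce = randomBytes(16).toString("hex");
  issued.set(nonce, now + 60000);
  return nonce;
}

// Browser script: what is sent instead of the password.
function clientResponse(password, nonce) {
  return createHmac("sha256", sha256(password)).update(nonce).digest("hex");
}

// Server: each salt is burned on first use, so a captured response
// cannot be submitted a second time or against a later salt.
function verifyLogin(username, nonce, response, now = Date.now()) {
  const expiry = issued.get(nonce);
  issued.delete(nonce);
  if (expiry === undefined || now > expiry) return false;
  const stored = users.get(username);
  if (!stored) return false;
  const expected = createHmac("sha256", stored).update(nonce).digest();
  const got = Buffer.from(String(response), "hex");
  return got.length === expected.length && timingSafeEqual(got, expected);
}
```
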


Messages In This Thread
Login & Cookie Security - by El Forum - 10-30-2009, 09:31 AM
Login & Cookie Security - by El Forum - 10-30-2009, 09:46 AM
Login & Cookie Security - by El Forum - 10-30-2009, 10:48 AM
Login & Cookie Security - by El Forum - 10-30-2009, 05:42 PM


