Skip site navigation (1) Skip section navigation (2)

Re: [INTERFACES] WEB-interface

From: Michael Robinson <robinson(at)netrinsics(dot)com>
To: pgsql-interfaces(at)postgreSQL(dot)org, ser(at)nsu(dot)ru
Subject: Re: [INTERFACES] WEB-interface
Date: 1999-04-15 05:36:25
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-interfaces
"Sergei Chernev" <ser(at)nsu(dot)ru> writes:
>But if I want to create subform, I have to know username/password again.
>Now, I'm solving this problem transmitting <input type="hidden"> back
>to client - but this method is wrong.

Make an MD5 checksum of the username, password, and current time.  Send the
MD5 checksum in a hidden field (or use a cookie).  Keep a server-side cache
of the currently valid checksums (expire the old ones periodically), and 
check the incoming checksum against the cache for each request.

	-Michael Robinson

In response to

pgsql-interfaces by date

Next:From: Constantin TeodorescuDate: 1999-04-15 07:20:11
Subject: JDBC getUpdateCount() is working ?
Previous:From: Sergei ChernevDate: 1999-04-15 05:12:40
Subject: WEB-interface

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group