"Sergei Chernev" <ser(at)nsu(dot)ru> writes:
>But if I want to create subform, I have to know username/password again.
>Now, I'm solving this problem transmitting <input type="hidden"> back
>to client - but this method is wrong.
Make an MD5 checksum of the username, password, and current time. Send the
MD5 checksum in a hidden field (or use a cookie). Keep a server-side cache
of the currently valid checksums (expire the old ones periodically), and
check the incoming checksum against the cache for each request.
In response to
pgsql-interfaces by date
|Next:||From: Constantin Teodorescu||Date: 1999-04-15 07:20:11|
|Subject: JDBC getUpdateCount() is working ?|
|Previous:||From: Sergei Chernev||Date: 1999-04-15 05:12:40|