Skip site navigation (1) Skip section navigation (2)

Re: Re: Secure pages

From: Timothy_Maguire(at)hartehanks(dot)com
To: David Olbersen <dave(at)slickness(dot)org>
Cc: Michael Fork <mfork(at)toledolink(dot)com>, <Timothy_Maguire(at)hartehanks(dot)com>, Paul Joseph McGee <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, <pgsql-php(at)postgresql(dot)org>
Subject: Re: Re: Secure pages
Date: 2001-03-13 20:48:29
Message-ID: (view raw, whole thread or download thread mbox)
Lists: pgsql-php
what i have sone in the past for passwords on web pages is have something

if(md5($MyCookie) != "anencryptedpassword")   {

that way even if someone got the file and wanted to find out what the "some
value" was it would be encrypted.

There are probably still ways around this, but for the info you are hiding
from people, this is probably safe enough, at least for me it is.

David Olbersen <dave(at)slickness(dot)org> on 03/13/2001 02:50:45

Sent by:  pgsql-php-owner(at)postgresql(dot)org

To:   Michael Fork <mfork(at)toledolink(dot)com>
cc:   <Timothy_Maguire(at)hartehanks(dot)com>, Paul Joseph McGee
      <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, <pgsql-php(at)postgresql(dot)org>

Subject:  Re: Re: Secure pages

On Tue, 13 Mar 2001, Michael Fork wrote:

->not if the include file ends with a .php -- since it is in <? ?>, anybody
->acessing the file from a web browser would not be able to see it.

I misunderstood, I thought you meant that you would put that code in an
file. Which anybody could get at. However the code being hidden doesn't
that I could look for a cookie from your domain, see it's value, and still
create another cookie.

What you're all looking for is a *session based* authentication system. PHP
this, and you can do it yourself if you have a database set up.

-- Dave

---------------------------(end of broadcast)---------------------------
TIP 3: if posting/reading through Usenet, please send an appropriate
subscribe-nomail command to majordomo(at)postgresql(dot)org so that your
message can get through to the mailing list cleanly

This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.

This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.


pgsql-php by date

Next:From: Christian MarschalekDate: 2001-03-13 22:23:10
Subject: RE: Re: Re: Secure pages
Previous:From: David OlbersenDate: 2001-03-13 19:50:45
Subject: Re: Re: Secure pages

Privacy Policy | About PostgreSQL
Copyright © 1996-2017 The PostgreSQL Global Development Group