[thelist] Security when managing online sessions
Chris Blessing
webguy at mail.rit.edu
Tue Dec 4 17:27:36 CST 2001
Hmph, I did not know that. Interesting!
Yeah db entries will definitely be protected. ;) Thanks for the info.
Chris Blessing
webguy at mail.rit.edu
http://www.330i.net
> -----Original Message-----
> From: thelist-admin at lists.evolt.org
> [mailto:thelist-admin at lists.evolt.org]On Behalf Of Scott Dexter
> Sent: Tuesday, December 04, 2001 6:26 PM
> To: thelist at lists.evolt.org
> Subject: RE: [thelist] Security when managing online sessions
>
>
> > 128-bit encrypted, can I carelessly throw information like
> > usernames and
> > passwords across the net and into session vars (cookies)
>
> Session variables are not sent across the net in the first place (What
> is sent is a SessionID cookie, and that is a lookup key for the
> information in server memory). The cookie would be encrypted, so I'd say
> you would get away with it.
>
> Oh, but you might wanna encrypt at least the pwds in the db...
>
> sgd
>
> ---------------------------------------
> For unsubscribe and other options, including
> the Tip Harvester and archive of TheList go to:
> http://lists.evolt.org Workers of the Web, evolt !
More information about the thelist
mailing list