[thelist] A simple cms

Ron ronr at linuxdude.com
Thu Dec 4 12:41:00 CST 2008


No security issues, per se. But not very practical since the
cookie is only good on that machine and the browser used to
downloaded it. I guess it *could* be useful in certain situations
but most need their site available from laptop/home/work/school/etc.

~

Chris Price wrote:
> I have built a simple cms into a website and to access the controls I 
> have provided a link to a url (with query string) which downloads a 
> cookie to the user's machine. Then when the user accesses the website a 
> link to the cms is provided but only the macine with the cookie can see it.
>
> There is no sensitive data there, no sql database and the cookie expires 
> after about a month.
>
> As far as I can see the cookie is no different to a user saving their 
> user name and password on their computer. If I am to use it where more 
> than 1 person will have access I will add another stage where they have 
> to add their usr & pw.
>
> Its written in php.
>
> What would be the security issues around this approach?
>   




More information about the thelist mailing list