[thelist] A simple cms
Ron
ronr at linuxdude.com
Thu Dec 4 12:41:00 CST 2008
No security issues, per se. But not very practical since the
cookie is only good on that machine and the browser used to
downloaded it. I guess it *could* be useful in certain situations
but most need their site available from laptop/home/work/school/etc.
~
Chris Price wrote:
> I have built a simple cms into a website and to access the controls I
> have provided a link to a url (with query string) which downloads a
> cookie to the user's machine. Then when the user accesses the website a
> link to the cms is provided but only the macine with the cookie can see it.
>
> There is no sensitive data there, no sql database and the cookie expires
> after about a month.
>
> As far as I can see the cookie is no different to a user saving their
> user name and password on their computer. If I am to use it where more
> than 1 person will have access I will add another stage where they have
> to add their usr & pw.
>
> Its written in php.
>
> What would be the security issues around this approach?
>
More information about the thelist
mailing list