Re: Re: Secure pages

From: Timothy_Maguire(at)hartehanks(dot)com
To: David Olbersen <dave(at)slickness(dot)org>
Cc: Michael Fork <mfork(at)toledolink(dot)com>, <Timothy_Maguire(at)hartehanks(dot)com>, Paul Joseph McGee <mcgee(at)student(dot)cs(dot)ucc(dot)ie>, <pgsql-php(at)postgresql(dot)org>
Subject: Re: Re: Secure pages
Date: 2001-03-13 20:48:29
Message-ID: OF3CE0DA25.509B61DE-ON85256A0E.0071EAA3@hartehanks.com
Lists: pgsql-php


What I have done in the past for passwords on web pages is have something
like:

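<?php
// Compare the MD5 of the cookie value with the stored hash (strict comparison).
if (md5($MyCookie) !== "anencryptedpassword") {
    // Send the visitor elsewhere and stop, so the rest of the page is not output.
    header("Location: http://homepage.com/whatever");
    exit;
}
?>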

That way, even if someone got the file and wanted to find out what the "some
value" was, it would be encrypted.

There are probably still ways around this, but for the info you are hiding
from people, this is probably safe enough, at least for me it is.

David Olbersen <dave(at)slickness(dot)org>@postgresql.org on 03/13/2001 02:50:45 PM

Sent by: pgsql-php-owner(at)postgresql(dot)org

To: Michael Fork <mfork(at)toledolink(dot)com>
cc: <Timothy_Maguire(at)hartehanks(dot)com>, Paul Joseph McGee
<mcgee(at)student(dot)cs(dot)ucc(dot)ie>, <pgsql-php(at)postgresql(dot)org>

Subject: Re: Re: Secure pages

On Tue, 13 Mar 2001, Michael Fork wrote:

->not if the include file ends with a .php -- since it is in <? ?>, anybody
->accessing the file from a web browser would not be able to see it.

I misunderstood, I thought you meant that you would put that code in an
included file. Which anybody could get at. However the code being hidden
doesn't change that I could look for a cookie from your domain, see its
value, and still create another cookie.

What you're all looking for is a *session based* authentication system. PHP
does this, and you can do it yourself if you have a database set up.

-- Dave
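
The session-based approach suggested above, as an added example that is not
part of the original thread: the cookie carries only a random session id and
the login state stays on the server. The user table, the sample password and
the /login.php path are constructed placeholders; PHP 7.3 or later is assumed.

```php
<?php
// Added example, not code from the thread. find_user() is a constructed
// in-memory stand-in for a database lookup (hypothetical user "alice");
// a real table would store the hash once, at registration.
function find_user(string $name): ?array {
    static $users = null;
    if ($users === null) {
        $users = ['alice' => ['id' => 1,
            'hash' => password_hash('constructed-sample-password', PASSWORD_DEFAULT)]];
    }
    return $users[$name] ?? null;
}

function login(string $name, string $password): bool {
    $user = find_user($name);
    // password_verify() checks a salted hash using a constant-time comparison.
    if ($user === null || !password_verify($password, $user['hash'])) {
        return false;
    }
    // Issue a fresh session id at login so an id set before login is useless.
    session_regenerate_id(true);
    $_SESSION['user_id'] = $user['id'];
    return true;
}

function require_login(): void {
    if (empty($_SESSION['user_id'])) {
        header('Location: /login.php'); // hypothetical login page
        exit; // stop here, or the protected page would still be sent
    }
}

// The browser only ever holds the session id; $_SESSION lives on the server,
// so creating or editing a cookie by hand does not produce a logged-in state.
session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
session_start();

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // filter_input() yields false/null for missing or array input, cast to ''.
    $ok = login((string) filter_input(INPUT_POST, 'user'),
                (string) filter_input(INPUT_POST, 'pass'));
    if (!$ok) {
        http_response_code(401);
        exit('Login failed');
    }
}
require_login();
echo 'Protected content for user #' . (int) $_SESSION['user_id'];
```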
