...

View Full Version : Safe to use cookies



serap
09-12-2005, 09:08 PM
Hi,

I just wonder how safe it it to use cookies as follows:

function setmycookie() {
global $cookiename,$pass,$expirytime;
$pw = md5($pass); // Encrypt the password
setcookie($cookiename,$pw,$expirytime);
}


Can it be decrypted even when you use an md5?

thanks,
Serap

missing-score
09-12-2005, 09:15 PM
No... Personally, I think setting a password in the cookie is a bad idea... It is a much better to store a cookie/session to keep the user logged in... Not store passwords... md5 cannot be decrypted, it is "one way encryption". If you really must store data like this in the cookie then you will need to load the password again and compare an md5 of the loaded password to the md5 in the cookie.

marek_mar
09-12-2005, 09:19 PM
Generate a hash that is supposed to identify the user. Salt everything you hash. Change the hash everytime the user acceses the page.



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum