Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 3 of 3
  1. #1
    New Coder
    Join Date
    Mar 2004
    Posts
    18
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Safe to use cookies

    Hi,

    I just wonder how safe it it to use cookies as follows:

    function setmycookie() {
    global $cookiename,$pass,$expirytime;
    $pw = md5($pass); // Encrypt the password
    setcookie($cookiename,$pw,$expirytime);
    }


    Can it be decrypted even when you use an md5?

    thanks,
    Serap

  • #2
    Senior Coder missing-score's Avatar
    Join Date
    Jan 2003
    Location
    UK
    Posts
    2,194
    Thanks
    0
    Thanked 0 Times in 0 Posts
    No... Personally, I think setting a password in the cookie is a bad idea... It is a much better to store a cookie/session to keep the user logged in... Not store passwords... md5 cannot be decrypted, it is "one way encryption". If you really must store data like this in the cookie then you will need to load the password again and compare an md5 of the loaded password to the md5 in the cookie.

  • #3
    Senior Coder
    Join Date
    Aug 2003
    Location
    One step ahead of you.
    Posts
    2,815
    Thanks
    0
    Thanked 3 Times in 3 Posts
    Generate a hash that is supposed to identify the user. Salt everything you hash. Change the hash everytime the user acceses the page.
    I'm not sure if this was any help, but I hope it didn't make you stupider.

    Experience is something you get just after you really need it.
    PHP Installation Guide Feedback welcome.


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •