[cgiapp] Safe way to remember user login?

Porta julian.porta at gmail.com
Tue Jan 13 14:37:05 EST 2009


Lyle:

I'm not really sure, but it seems that you could start here:

http://search.cpan.org/dist/CGI-Session/lib/CGI/Session/Tutorial.pm

On the other hand, if you're considering writing the password back into the
HTML form, it seems that you may need to take a step back further and
reconsider the idea of what "remember me" implies for you, because my guess
is that you're mixing things up (confusing session handling on the server
side with how the browser *remembers* the username and passwords you
entered).

Anyway, reading the CPAN tutorial for CGI::Session will help you one way or
the other.


On Tue, Jan 13, 2009 at 5:23 PM, Lyle <webmaster at cosmicperl.com> wrote:

> Hi All,
>  I know a lot of sites have a check box for "remember me" or what not. But
> I'm trying to figure out a safe way to do this. Saving the username and
> password in cookies wouldn't be secure, so I guess some kind of cookie ID.
> But then once you display the login form you'd be writing out the password
> into the <input type=password value=XXXX>, which isn't secure either as
> someone could view source and grab it.
>
> I'm guessing this kind of thing has come up for a lot of people on this
> list, care to share a solution?
>
>
> Lyle
>
>
>
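
The "cookie ID" approach raised in the thread, sketched as an added example that is not code from either poster or from CGI::Session: the cookie carries only a random token, the server keeps only its hash, and the password is never stored or written back into a form. The cookie name `remember`, the in-memory `%remembered` hash (standing in for a database table), the 30-day lifetime, and the use of `/dev/urandom` on a Unix host are assumptions.

```perl
#!/usr/bin/perl
# Added example: "remember me" as a random cookie ID, never the password.
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my %remembered;                      # hypothetical server-side table: sha256(token) => record
my $LIFETIME = 30 * 24 * 60 * 60;    # assumed 30-day lifetime, in seconds

# 32 random bytes from the OS CSPRNG, hex-encoded for use as a cookie value.
sub new_token {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    my $got = read($fh, my $bytes, 32);
    close $fh;
    die "short read from urandom" unless defined $got && $got == 32;
    return unpack 'H*', $bytes;
}

# Call after a successful password check with "remember me" ticked.
# Returns the Set-Cookie value; only the token's hash is kept server-side.
sub issue_remember_cookie {
    my ($username, $now) = @_;
    my $token = new_token();
    $remembered{ sha256_hex($token) } = { user => $username, expires => $now + $LIFETIME };
    return "remember=$token; Max-Age=$LIFETIME; Path=/; Secure; HttpOnly; SameSite=Lax";
}

# Call when a request has a remember cookie but no live session.
# Returns (username, replacement cookie) or an empty list. Tokens are single use.
sub redeem_remember_cookie {
    my ($token, $now) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{64}\z/;
    my $rec = delete $remembered{ sha256_hex($token) } or return;
    return if $rec->{expires} < $now;
    return ($rec->{user}, issue_remember_cookie($rec->{user}, $now));
}

# Constructed walk-through: first use, replay of the same token, expired token.
my $t0 = time;
my ($token) = issue_remember_cookie('lyle', $t0) =~ /\Aremember=([0-9a-f]+);/;
my ($user, $next) = redeem_remember_cookie($token, $t0 + 3600);
print "first use: ", ($user // 'rejected'), "\n";
($user) = redeem_remember_cookie($token, $t0 + 7200);
print "replay:    ", ($user // 'rejected'), "\n";
my ($fresh) = $next =~ /\Aremember=([0-9a-f]+);/;
($user) = redeem_remember_cookie($fresh, $t0 + $LIFETIME + 7200);
print "expired:   ", ($user // 'rejected'), "\n";
```

A redeemed token should start a normal server-side session for that user; changing the password or logging out should delete the user's rows from the table.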

