Jump to content

Archived

This topic is now archived and is closed to further replies.

localhost

encrypting cookies....

Recommended Posts

right now on my website, if you have a cookie editor, you can edit the user_name cookie from any username, to any username and act like anyone! I need to know how I can encrypt it so the user won't be able to change it without it messing up the cookie entirely. but I need it so I can decrypt it so I can display the username, unless there is another way?

Please post back.

Share this post


Link to post
Share on other sites
there you go all you need ok.

http://www.phpmag.net/itr/online_artikel/psecom,id,667,nodeid,114.html

Share this post


Link to post
Share on other sites
Well this is for forum software, so we cannot make it so they need to install something just to use it!

Share this post


Link to post
Share on other sites
You could use a reversable encryption method... That would almost as point less as no encryption though... 

Funny thing is, i discovered my ISP's webmail site had the flaw of encrypting a username in a cookie... But no password so someone could just make a md5 username put it in the right cookie and be in as someone else... Bout 3 days after i figured that out their webmail site changed :D

How does your login script and you script that creates the cookie work?

Share this post


Link to post
Share on other sites
well right now i have it so on registration it creates a random number 1-9999999 and then md5's it. that is their loginkey, the cookie that is created, its content is userid-loginkey, so like '213-f761938942d1c06c9fb4b2d1644d147f'

Do you think this is secure enough?

Share this post


Link to post
Share on other sites
So their login key is pretty much a password your script generates right?  Anyways you could just make it md5 the entire userid-login key thing then just compare the userid-login key in the cookie or in a form in a login script to the database one...

Share this post


Link to post
Share on other sites

×

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.