I'd see Thomas' reply on storing the hashed version of the password. This is better than my method. As for the mechanics of the cookie, you can either store one cookie, and then simply say the first 50 chars are username, the rest password, or use two passwords. I like to be anal, so if I am storing a sensitive piece of info, I won't use an obvious cookie name. You can also do stuff like:
Take username, pad it to 50 characters, add hashed password, reverse the entire string. Etc. It won't stop the determined hacker, but it will stop a script kiddie most likely.

===========================================================================
Raymond Camden, ColdFusion Jedi Master for Mindseye, Inc (www.mindseye.com)
Member of Team Macromedia (http://www.macromedia.com/go/teammacromedia)

Email    : [EMAIL PROTECTED]
Blog     : www.camdenfamily.com/morpheus/blog
Yahoo IM : morpheus

"My ally is the Force, and a powerful ally it is." - Yoda

> -----Original Message-----
> From: Jeff [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2003 8:01 AM
> To: CF-Talk
> Subject: Re: [cflogin] My Symptoms and my application.cfm code...
>
>
> on 7/10/03 9:57 AM, Raymond Camden at [EMAIL PROTECTED] wrote:
>
> > It does, unless someone decrypts your cookie. Why not simply store
> > both the username and password? Then the only risk is if someone hacks
> > into the users computer, and THEN the only thing lost is ONE account.
> > Currently if I decrypt your cookie I can become any account if I guess
> > the ID.
>
> As a comma separated list? Or would you just set a
> "COOKIE.un" and a "COOKIE.pw".
>
> Also, does anything else in the logic look fishy? It smells
> okay to me, but I might just be looking at it too darn much
> and not seeing what's right in front of me...
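The pad-and-reverse cookie layout described in the message above, written out as an added example (this is not code from the thread). It shows that decoding needs no key and that the server accepts the cookie by comparing against the stored hash, so the cookie value works as a credential in its own right. SHA-256, the function names and the sample account are assumptions; the thread names no hash algorithm.

```python
import hashlib
import hmac
from typing import Dict, Optional, Tuple

USER_FIELD = 50  # fixed-width username field, as in the message


def password_hash(password: str) -> str:
    # Assumption: unsalted SHA-256 hex stands in for "hashed password".
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def encode_cookie(username: str, pw_hash: str) -> str:
    # Pad the username to 50 characters, append the hash, reverse everything.
    if not username or len(username) > USER_FIELD or username != username.strip():
        raise ValueError("username must be 1-50 chars with no edge whitespace")
    return (username.ljust(USER_FIELD) + pw_hash)[::-1]


def decode_cookie(value: str) -> Tuple[str, str]:
    # Undo the reversal and split at the fixed offset; no secret is involved.
    plain = value[::-1]
    if len(plain) <= USER_FIELD:
        raise ValueError("cookie too short to hold both fields")
    return plain[:USER_FIELD].rstrip(), plain[USER_FIELD:]


def check_cookie(value: str, accounts: Dict[str, str]) -> Optional[str]:
    # Server side: return the username if the presented hash matches the
    # stored one, else None. The comparison is constant-time.
    try:
        username, presented = decode_cookie(value)
    except ValueError:
        return None
    stored = accounts.get(username)
    if stored is None:
        return None
    if hmac.compare_digest(presented.encode("utf-8"), stored.encode("utf-8")):
        return username
    return None


# Constructed sample account store: username -> stored password hash.
ACCOUNTS = {"jeff": password_hash("constructed-sample-password")}

if __name__ == "__main__":
    cookie = encode_cookie("jeff", ACCOUNTS["jeff"])
    print(len(cookie), decode_cookie(cookie)[0], check_cookie(cookie, ACCOUNTS))
```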

