[tg-trunk] Re: "Remember Me" patch for identity

[Nadav Samet]

I've came across this solution. We preferred a solution which would not require adding a new table. But I guess there is no secure way to implement "remember me" without modifying the database.

On 11/1/06, Tim Lesher <[EMAIL PROTECTED]> wrote:

The most secure way I've seen to implement "remember me" cookies is as
a one-time login ticket. Once the ticket is used, a different one is
issued, and the original is deleted from the server. Neither the
encrypted nor the cleartext password crosses the wire unless a remember
cookie expires or the user logs in from a different machine.



--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups "TurboGears Trunk" group.
To post to this group, send email to turbogears-trunk@googlegroups.com
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/turbogears-trunk
-~----------~----~----~----~------~----~------~--~---

• Previous message
• View by thread
• View by date
• Next message

• [tg-trunk] Re: "Remember Me" patch for identity Andrew Grover
• • [tg-trunk] Re: "Remember Me" patch for identi... thesamet
  • • [tg-trunk] Re: "Remember Me" patch for id... Andrew Grover
    • • [tg-trunk] Re: "Remember Me" patch fo... Nadav Samet
      • • [tg-trunk] Re: "Remember Me" patc... Andrew Grover
        • • [tg-trunk] Re: "Remember Me"... Nadav Samet
          • • [tg-trunk] Re: "Remember Me&q... Nadav Samet
            • [tg-trunk] Re: "Remember Me&q... Kevin Horn
            • [tg-trunk] Re: "Remember Me&q... isaac
            • [tg-trunk] Re: "Remember Me&q... Tim Lesher
            • [tg-trunk] Re: "Remember Me&q... Nadav Samet

Reply via email to