httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Lukas Ruf <...@rawip.org>
Subject Re: [users@httpd] Identifying a session
Date Sat, 28 Dec 2002 16:37:18 GMT

> Chris Taylor <chris@x-bb.org> [2002-12-28 17:30]:
>
> 
> In the past, I normally use a Database with all my user details, and
> store a hash of the password (ie, something non reversible) and the
> user id in the cookie. That effectively means you can auth them on
> every page (check that the server-generated hash matches the cookie's
> one) without any trouble, and is sufficiently quick to execute.
> 
> It also gives you a lot more options that using REMOTE_USER only.
> However, I generally design semi-secure sites (basic forums, add-on
> login functions etc). Of course, you can SSL on top of all this to
> add a bit of *real* security.
> 

yupp!  I will follow this hint to optimize my approach once I got it
working.

Thanks!

Lukas
-- 
Lukas Ruf
http://www.lpr.ch
Wanna know anything about raw ip? 
Join rawip@rawip.org on http://www.rawip.org

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message