perl-modperl mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ask Bjørn Hansen <...@develooper.com>
Subject Re: Ways to scale a mod_perl site
Date Fri, 18 Sep 2009 22:38:10 GMT

On Sep 16, 2009, at 9:13, Brad Van Sickle wrote:

>> I've never seen the need to do that. In fact, I would suggest you  
>> drop sessions altogether if you can. If you need any per-session  
>> information then put it in a cookie. If you need this information  
>> to be tamper-proof then you can create a hash of the cookie's data  
>> that you store as part of the cookie. If you can reduce the # of  
>> times that each request needs to actually hit the database you'll  
>> have big wins.
>
> Can I get you to explain this a little more?  I don't see how this  
> could be used for truly secure sites because I don't quite  
> understand how storing a hash in a plain text cookie would be secure.


If you are just concerned about the cookie being changed; add a time  
stamp and a hash to the cookie data.

There's an example on page 19 of http://develooper.com/talks/rww-mysql-2008.pdf 
  ...

If you are concerned about the cookie being readable at all, you can  
encrypt the whole thing.

Either way it's "tamper proof".


   - ask

-- 
http://develooper.com/ - http://askask.com/



Mime
View raw message