Re: Re: Secure pages - Mailing list pgsql-php

From Timothy_Maguire@hartehanks.com
Subject Re: Re: Secure pages
Date
Msg-id OF3CE0DA25.509B61DE-ON85256A0E.0071EAA3@hartehanks.com
In response to Secure pages  (Paul Joseph McGee <mcgee@student.cs.ucc.ie>)
Responses RE: Re: Re: Secure pages  ("Christian Marschalek" <cm@chello.at>)
List pgsql-php
What I have done in the past for passwords on web pages is have something
like:

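<?
// $MyCookie is the value of the cookie sent by the browser.
if(md5($MyCookie) != "anencryptedpassword")   {
     header("Location: http://homepage.com/whatever");
     exit;  // stop here so the rest of the page is not sent
     }
?>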

that way even if someone got the file and wanted to find out what the "some
value" was it would be encrypted.

There are probably still ways around this, but for the info you are hiding
from people, this is probably safe enough, at least for me it is.




David Olbersen <dave@slickness.org>@postgresql.org on 03/13/2001 02:50:45
PM

Sent by:  pgsql-php-owner@postgresql.org


To:   Michael Fork <mfork@toledolink.com>
cc:   <Timothy_Maguire@hartehanks.com>, Paul Joseph McGee
      <mcgee@student.cs.ucc.ie>, <pgsql-php@postgresql.org>

Subject:  Re: Re: Secure pages


On Tue, 13 Mar 2001, Michael Fork wrote:

->not if the include file ends with a .php -- since it is in <? ?>, anybody
->accessing the file from a web browser would not be able to see it.

I misunderstood, I thought you meant that you would put that code in an
included file. Which anybody could get at. However the code being hidden
doesn't change that I could look for a cookie from your domain, see its
value, and still create another cookie.

What you're all looking for is a *session based* authentication system. PHP
does this, and you can do it yourself if you have a database set up.

-- Dave








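The database-backed session approach suggested in the quoted reply, as an added example that is not part of the original thread: the cookie carries only a random per-login token, and the server decides what it means. The table names, function names and sample account are hypothetical, and SQLite in memory stands in for PostgreSQL so the script runs offline.

```php
<?php
// Added example: database-backed sessions. Table and function names are hypothetical.
// SQLite in memory stands in for PostgreSQL so the script runs without a server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE sessions (token_hash TEXT PRIMARY KEY, name TEXT NOT NULL, expires INTEGER NOT NULL)');

// Constructed sample account; the password is stored as a salted hash.
$db->prepare('INSERT INTO users VALUES (?, ?)')
   ->execute(['alice', password_hash('correct horse', PASSWORD_DEFAULT)]);

// Check the password, then issue a random per-login token. Only its hash is stored.
function login(PDO $db, string $name, string $password, int $ttl = 1800): ?string
{
    $q = $db->prepare('SELECT pw_hash FROM users WHERE name = ?');
    $q->execute([$name]);
    $hash = $q->fetchColumn();
    if ($hash === false || !password_verify($password, $hash)) {
        return null;
    }
    $token = bin2hex(random_bytes(32));
    $db->prepare('INSERT INTO sessions VALUES (?, ?, ?)')
       ->execute([hash('sha256', $token), $name, time() + $ttl]);
    return $token;
}

// Map a presented cookie value to a user; unknown or expired tokens yield null.
function user_for_token(PDO $db, string $token): ?string
{
    $q = $db->prepare('SELECT name FROM sessions WHERE token_hash = ? AND expires > ?');
    $q->execute([hash('sha256', $token), time()]);
    $name = $q->fetchColumn();
    return $name === false ? null : $name;
}

// Logout deletes the row, so a copied cookie stops working immediately.
function logout(PDO $db, string $token): void
{
    $db->prepare('DELETE FROM sessions WHERE token_hash = ?')->execute([hash('sha256', $token)]);
}

$token = login($db, 'alice', 'correct horse');
// In a page: setcookie('sid', $token, ['httponly' => true, 'secure' => true, 'samesite' => 'Lax']);
var_dump(user_for_token($db, $token));              // valid session
var_dump(user_for_token($db, str_repeat('0', 64))); // made-up cookie value
logout($db, $token);
var_dump(user_for_token($db, $token));              // same token after logout
```

Unlike a fixed value compared against a hard-coded hash, each token here is unique to one login, expires, and can be revoked on the server.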



