Encrypted passwords are useless!
Printed From: Web Wiz Forums
Category: General Discussion
Forum Name: General Discussion
Forum Description: General discussion and chat on any topic.
URL: https://forums.webwiz.net/forum_posts.asp?TID=3065
Printed Date: 29 March 2026 at 10:03am
Software Version: Web Wiz Forums 12.08 - https://www.webwizforums.com
Topic: Encrypted passwords are useless!
Posted By: Gullanian
Subject: Encrypted passwords are useless!
Date Posted: 27 May 2003 at 11:16am
|
Well not useless! Just suppose this however: Im assuming passwords in cookies are encrypted so that if someone hacked your computer they could not gain access to it... However, the hacker can simply copy+paste the cookie file over to their system and login to your account... It prevents them seeing your passwords if you use the same one, but it does not prevent the from entering the system... A solution? How about storing an encrypted IP address in the cookie, and the cookie is only valid if the IP address matches.... However this wont really work for those 56k people.... |
Replies:
Posted By: MadDog
Date Posted: 27 May 2003 at 11:29am
|
Just do it like this forum, make a new field called "User_code" and run the cookie off that. ------------- http://www.iportalx.net" rel="nofollow"> 
|
Posted By: michael
Date Posted: 27 May 2003 at 12:05pm
|
And if security is such a huge concern, don't let your users store the password and have them enter it every time like most banking systems. ------------- http://baumannphoto.com" rel="nofollow - Blog | http://mpgtracker.com" rel="nofollow - MPG Tracker |
Posted By: ljamal
Date Posted: 27 May 2003 at 12:56pm
|
why would a hacker bother to copy and paste the cookie when they could just access the site from the computer then and there?
My advice is to never store sensitive information in a cookie. Generally I only store maybe first names in the cookie. Anything else would be information only useful if you had access to the database like IDs and date stamps. ------------- L. Jamal Walton http://www.ljamal.com/" rel="nofollow - L. Jamal Inc : Web/ Print Design and ASP Programming |
Posted By: Gullanian
Date Posted: 27 May 2003 at 1:36pm
| No i dont mean about a system im making myself, rather cookie passwords in general |
Posted By: the boss
Date Posted: 27 May 2003 at 11:40pm
| copying cookie from one machine and pasting then in another rmachine doest works anytime for me!!! |
Posted By: Eftie
Date Posted: 28 May 2003 at 12:37am
|
<quote:> How about storing an encrypted IP address in the cookie, and the cookie is only valid if the IP address matches.... Maybe you have cable, but what about the thousands and thousands who use a dial-up connection and get every time another IP address? ------------- Eftie |