Re: [cgiapp] enciphered-cookie-only sessions

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cgiapp] enciphered-cookie-only sessions

Subject: Re: [cgiapp] enciphered-cookie-only sessions
Date: Mon, 10 Mar 2008 06:06:30 -0700
From: "Mark Fuller" <suppressed>

On Mon, Mar 10, 2008 at 3:56 AM, Ricardo SIGNES
<suppressed> wrote:
> stores your whole session in the cookie.  It's  stored as a base64-encoded,
> Rijndael-enciphered, JSON-encoded string.  This  seemed like a swell idea for me,

I hear a lot about brute-force attacks on encryption. Also, that what
seemed like a terrific amount of brute force 5-10 years ago isn't
today. Is that a concern (if someone steals cookies)?

Mark

#####  CGI::Application community mailing list  ################
##                                                            ##
##  To unsubscribe, or change your message delivery options,  ##
##  visit:  http://www.erlbaum.net/mailman/listinfo/cgiapp    ##
##                                                            ##
##  Web archive:   http://www.erlbaum.net/pipermail/cgiapp/   ##
##  Wiki:          http://cgiapp.erlbaum.net/                 ##
##                                                            ##
################################################################

Follow-Ups:
- Re: [cgiapp] enciphered-cookie-only sessions
  - From: Ricardo SIGNES

References:
- [cgiapp] enciphered-cookie-only sessions
  - From: Ricardo SIGNES

Prev by Date: [cgiapp] enciphered-cookie-only sessions
Next by Date: Re: [cgiapp] enciphered-cookie-only sessions
Previous by thread: [cgiapp] enciphered-cookie-only sessions
Next by thread: Re: [cgiapp] enciphered-cookie-only sessions
Index(es):
- Date
- Thread

Mail converted by mhonarc 2.6.15
This archive provided courtesy of JSW4.NET, Internet Hosting Services for Small Business.