On 15 Oct 2008 at 16:04, Ben Stones wrote:

> Can you explain to me the benefits of hashing/encrypting/md5'ing cookie
> values? I don't see how it'd stop hackers from changing cookie values?

Hi,

You would keep a copy of the hash on the server and check that against the submitted value. If they are different then the cookie has been modified.

Regards

Ian
--

> 2008/10/15 Stut <stuttle@xxxxxxxxx>
>
> > On 15 Oct 2008, at 15:23, Ben Stones wrote:
> >
> >> I've read a few videos on cookie security and it makes sense that people
> >> can modify cookie values which is a problem I'm trying to figure out to
> >> *try* and prevent. What I'll first do is at the top of the page that
> >> validates if the cookie values is in the database, but what my next
> >> problem is they'd use usernames in the database as the values. Are there
> >> any preventable measures to prevent cookie forging or what not.
> >
> > You can encrypt or hash the cookies to prevent tampering...
> >
> > http://stut.net/blog/2008/07/26/sessionless-sessions-2/
> >
> > -Stut
> >
> > --
> > http://stut.net/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
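
An added example, not part of the thread or of the linked blog post: one way to make a cookie tamper-evident in PHP is to attach a keyed hash (HMAC) computed with a secret that never leaves the server, then recompute and compare it on every request. `SECRET_KEY`, `sign_cookie()` and `verify_cookie()` are hypothetical names, and the key and payloads are constructed sample values.

```php
<?php
// Added example. The key below is a constructed sample; a real key is long,
// random, and stored only on the server.
const SECRET_KEY = 'constructed-sample-key-kept-on-the-server';

// Build the cookie value: base64 payload, a dot, then HMAC-SHA256 of the payload.
function sign_cookie(string $payload, string $key = SECRET_KEY): string
{
    $mac = hash_hmac('sha256', $payload, $key);
    return base64_encode($payload) . '.' . $mac;
}

// Return the payload if its MAC matches, or null if the cookie is malformed
// or was changed after the server issued it.
function verify_cookie(string $cookie, string $key = SECRET_KEY): ?string
{
    $parts = explode('.', $cookie);
    if (count($parts) !== 2) {
        return null;
    }
    $payload = base64_decode($parts[0], true);
    if ($payload === false) {
        return null;
    }
    $expected = hash_hmac('sha256', $payload, $key);
    // hash_equals() compares in constant time, so the check does not leak
    // how many leading characters of a guessed MAC were correct.
    return hash_equals($expected, $parts[1]) ? $payload : null;
}

// Case 1: the cookie comes back exactly as the server issued it.
$issued = sign_cookie('user=ben');
var_dump(verify_cookie($issued));

// Case 2: the payload was edited on the client but the old MAC was kept.
// Without SECRET_KEY the client cannot produce a MAC for the new payload.
list(, $oldMac) = explode('.', $issued);
$edited = base64_encode('user=someone-else') . '.' . $oldMac;
var_dump(verify_cookie($edited));
```

Sending the result of `sign_cookie()` with `setcookie()` and passing `$_COOKIE` input through `verify_cookie()` before trusting it ties this back to the login check discussed in the thread.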