Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- Sending encryption keys as cookies
July 20, 2006, 5:17 am
rate this thread
data is to not store the key anywhere on the server. So I have the user
manually type it in and it gets stored as a persistent cookie on their
In other words, when the log in, they are prompted for the key . the
key is then posted via a form to a php script which stores the key as a
cookie. Is this secure? Is there any loophole in doing it this way?
Re: Sending encryption keys as cookies
Well there's always the possibility of packet sniffing
(http://en.wikipedia.org/wiki/Packet_sniffer ) as long as you are using http.
If you can set up an https server, then you can talk about secure. All data
from client to server, including the encryption key is then already
encrypted and can't be revealed by capturing packets like when using http.
"ohjelmoija on organismi joka muuttaa kofeiinia koodiksi" -lpk
firstname.lastname@example.org | Gedoon-S @ IRCnet | rot13(email@example.com)