[PHP-DB] RE: Cookie Encrypt/Decrypt ? From: Mark Kirkwood (Mark.Kirkwood <email protected>)
Date: 08/14/00

You can use the mcrypt module in php to encrypt the contents of your user variable...

However consider using the session functions in php4 to save your user data, so that the cookie ( created and handled by the session functions ) only has the session id stored in it.

The cookie is not written to disk by default so is not too visible for folk nosing about, but it can be grabbed by network listeners and used to hijack an existing session ( and it is reasonably easy to do ). If this is a concern there are things you can do ( https, new session id each page ....)

Cheers

Mark

> -----Original Message-----
> From: umobiva <email protected> [SMTP:umobiva <email protected>]
> Sent: Tuesday, August 15, 2000 2:21 AM
> To: php-db <email protected>
> Subject: Cookie Encrypt/Decrypt ?
>
> Hello from a web design newbie,
>
> When a user logs in, I'm using a cookie to save the value of the user
> name so that I can reference that to pull user information throughout
> the site. I noticed that when I look at the cookie that is stored on the
> client system, the info in the cookie is displayed as plain text. How do
> I encrypt that info? I don't need strong encryption I just don't want
> the info to be painfully obvious to anyone just "exploring" the client
> system.
>
>
> How do you do this in php3?
>
> How about php4?
>
> TIA
> 

-- 
PHP Database Mailing List (http://www.php.net/)
To unsubscribe, e-mail: php-db-unsubscribe <email protected>
For additional commands, e-mail: php-db-help <email protected>
To contact the list administrators, e-mail: php-list-admin <email protected>