Registration, Authentication, Cookies
-
The best way I can think of is to relate my question to what codeproject does: Remember Me? After logging in, how does the system recognize me the next time without storing WhoIs data in the cookie? If I would store the
developer_idone could easly make his own cookie as another developer. Storing a password is unsafe and I would like to avoid it. Vote twice on sunday When voting for an article, it is fair to only vote once. How can I ensure that? I looked in the codeprojects' cookie and didn't see any recollection of my past votes... Is there a database involved? can someone suggest a way to approach this issue? Needs I thought that it is wise to store adeveloper_idandaliasin a cookie and that would help out when approaching FORMS throughout. With that, I would extract the necessary data from the DB - e.g. Email and "place" it where it is needed. But, as I mentioned, by just browsing the site, one can easily bake his own cookie with another existing developers' id and alias... Encryption If by now you are thinking why not use encryption, then do you know of a good encryption algorithm for ASP (NOT .NET) ? Thank you. -
The best way I can think of is to relate my question to what codeproject does: Remember Me? After logging in, how does the system recognize me the next time without storing WhoIs data in the cookie? If I would store the
developer_idone could easly make his own cookie as another developer. Storing a password is unsafe and I would like to avoid it. Vote twice on sunday When voting for an article, it is fair to only vote once. How can I ensure that? I looked in the codeprojects' cookie and didn't see any recollection of my past votes... Is there a database involved? can someone suggest a way to approach this issue? Needs I thought that it is wise to store adeveloper_idandaliasin a cookie and that would help out when approaching FORMS throughout. With that, I would extract the necessary data from the DB - e.g. Email and "place" it where it is needed. But, as I mentioned, by just browsing the site, one can easily bake his own cookie with another existing developers' id and alias... Encryption If by now you are thinking why not use encryption, then do you know of a good encryption algorithm for ASP (NOT .NET) ? Thank you.Ok, I am still in need of help but this is what I have so far: I have decided to encrypt the cookie data which holds only a developer_id and alias. using double encryption I can later compare if the data has been tampered with or not. votes This issue remains unresolved. How can I ensure that someone doesn't vote twice? CP rules!
-
The best way I can think of is to relate my question to what codeproject does: Remember Me? After logging in, how does the system recognize me the next time without storing WhoIs data in the cookie? If I would store the
developer_idone could easly make his own cookie as another developer. Storing a password is unsafe and I would like to avoid it. Vote twice on sunday When voting for an article, it is fair to only vote once. How can I ensure that? I looked in the codeprojects' cookie and didn't see any recollection of my past votes... Is there a database involved? can someone suggest a way to approach this issue? Needs I thought that it is wise to store adeveloper_idandaliasin a cookie and that would help out when approaching FORMS throughout. With that, I would extract the necessary data from the DB - e.g. Email and "place" it where it is needed. But, as I mentioned, by just browsing the site, one can easily bake his own cookie with another existing developers' id and alias... Encryption If by now you are thinking why not use encryption, then do you know of a good encryption algorithm for ASP (NOT .NET) ? Thank you.allia wrote: If by now you are thinking why not use encryption, then do you know of a good encryption algorithm for ASP How about using the Crypto API/CAPICOM? http://msdn.microsoft.com/library/default.asp?url=/library/en-us/security/security/using_capicom.asp[^] -- Ian Darling "The moral of the story is that with a contrived example, you can prove anything." - Joel Spolsky