WebApp Sec mailing list archives

RE: ASP authentication


From: focus () karsites net
Date: Sun, 29 Aug 2004 16:28:09 +0000 (GMT)


May be of some use:

Encrypted session date code example - HTH

http://www.cs.uchicago.edu/~ido/session_include_php.txt

Regards - Keith Roberts


On Sat, 28 Aug 2004, pfeito wrote:

To: 'Bénoni MARTIN' <Benoni.MARTIN () libertis ga>,
     webappsec () lists securityfocus com
From: pfeito <pfeito () netcabo pt>
Subject: RE: ASP authentication

You could hash or encrypt the UserID and store it in a session variable.
This adds an extra layer of security. It's not bulletproof but it's more safe
and it adds little CPU overhead.

Hash would be better than symmetrical encryption, but then you'll need the
passwords hashed in the database also.

-pfeito
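
An added illustration of the suggestion above, not code from the thread or from the linked PHP file: the UserID is stored in the session variable together with a keyed hash (HMAC-SHA256, used here in place of a plain hash, since anyone can recompute a plain hash for a different UserID) and is checked before it is trusted. Python is used for brevity; `SERVER_KEY`, `seal_user_id`, `open_user_id`, the session ids and the dict standing in for the ASP `Session` object are all assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-application secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)


def seal_user_id(user_id: str, session_id: str, key: bytes = SERVER_KEY) -> str:
    """Return 'user_id:tag', with tag = HMAC-SHA256(key, session id + user id)."""
    # Length prefix keeps (session_id, user_id) pairs unambiguous.
    msg = f"{len(session_id)}:{session_id}|{user_id}".encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return f"{user_id}:{tag}"


def open_user_id(sealed: str, session_id: str, key: bytes = SERVER_KEY):
    """Return the user id if the tag verifies for this session, else None."""
    user_id, sep, tag = sealed.rpartition(":")
    if not sep:
        return None
    expected = seal_user_id(user_id, session_id, key).rpartition(":")[2]
    # Constant-time comparison avoids leaking how many characters matched.
    if hmac.compare_digest(tag.encode(), expected.encode()):
        return user_id
    return None


def demo():
    session = {}  # constructed stand-in for the ASP Session object
    sid = "constructed-session-id-1"
    session["uid"] = seal_user_id("1042", sid)
    old_tag = session["uid"].rpartition(":")[2]
    return {
        "valid": open_user_id(session["uid"], sid),
        # UserID changed but the old tag kept: rejected.
        "swapped_id": open_user_id("1:" + old_tag, sid),
        # Sealed value copied into a different session: rejected.
        "other_session": open_user_id(session["uid"], "constructed-session-id-2"),
        # Unkeyed SHA-256 of the UserID in place of the tag: rejected.
        "plain_hash": open_user_id("1:" + hashlib.sha256(b"1").hexdigest(), sid),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(case, result)
```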


