crypting
Marty Pauley
marty+belfast-pm at kasei.com
Tue Jun 11 08:05:50 CDT 2002
On Tue Jun 11 08:42:30 2002, Scott McWhirter wrote:
> The expirytime is stored serverside in the usertable. So when it does
> authen_cred() it will insert an expiry time into the usertable then
> during authen_ses_key() it will get the expiry from the user table from
> the id matching the plaintext number. It then hashes the
> idnumber:secretphrase:expiry together and compares to check for
> tainting.
That will work.
I still prefer encryption to avoid the query in authen_ses_key.
--
Marty
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 212 bytes
Desc: not available
Url : http://mail.pm.org/archives/belfast-pm/attachments/20020611/dc2a4889/attachment.bin
More information about the Belfast-pm
mailing list