Slash Boxes
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
More | Login | Reply
Loading... please wait.
  • And merlyn writes: If Netscape had only embedded a unique serial number in each browser, and not invented cookies, people would have done The Right Thing. {sigh}

    While that's an interesting idea, I see a couple of problems. The big one is obvious: everyone is going to scream about their privacy and they would be right. Can you imagine the field day that spammers would have once they realized they could map the serial number to a set of preferences and a name? Our government has made it clear that the

    • It can be done safely if one is careful to embed some sort of anti-tampering device (like a MD5 hash), but despite having heard of that, I've never seen it actually done.
      So then a clever hacker will just MD5 the new price. That worked well. :^)

      The bottom line is that you have to have some of the data be held in a trusted store, so you might as well avoid the need for checking for tampering by just using a product ID of some sort.

      • The MD5 hash works by having a secret key of data kept on the server. The hidden fields are used with the secret key to ensure that creating a new MD5 hash is non-trivial. The hacker would likely be forced to brute force the key. This would be more difficult than a typical crack because there could be many hidden fields and the attacker would have to try different combinations of them. That, combined with a random enough secret key would make the MD5 hash relatively secure. I guess I should have mentioned the secret key up front :)