Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

Friendster Security Hole 5 Comments More | Login | Reply /

 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.

  • Which also stores usernames and passwords in plain text in a cookie? Well, obfuscated, at least as much as basic-auth is...

    Quite shocked me when I looked closely at my slashdot / use.perl cookies.

    -Dom

    • I post it to use.perl.org for the same reason others post post plenty of other non-Perl things here: it interests me.

      The comment about the use.perl cookie was interesting. I had suspicions about the cookie, but never looked at it that closely. If you really want fun, though, take a look at the full headers. You'll see things like: X-Bender: My full name is Bender Bending Rodriguez. and X-Fry: Hey look, it's that guy you are! .

    • FWIW: No usernames are stored, the user IDs are. And the MD5 hash of the password, not plaintext, is stored, which can be used to log in if you also have the user ID. Also, there is an option in your password prefs to not store the cookie information.

      And you can always click "Logout" to delete your cookie, too.

      As to the proper deleting of a cookie: setting the expiration date is the recommended method. In this Netscape doc [netscape.com], for example, it says: If a CGI script wishes to delete a cookie, it can do so b
Stories, comments, journals, and other submissions on use Perl; are Copyright 1998-2006, their respective owners.