I know better than to save credit card or SSN information in a cookie 
(encrypted or not). Basically, what we did is switch from basic authentication 
to using forms and I've been asked for the site to remember the login 
information so the customers don't need to type in their user id and password 
(basically, the same functionality the "remember me" check box in the basic 
auth dialog gives you). If my thinking's correct, this will be better security 
than what we had with basic auth since login information will be passed both to 
and from the server encrypted instead of Base64 encoded. If you have better 
ideas about accomplishing this, I'd love to hear them but we should either go 
off-list or switch to either Web-400 or Ignite/400 since it really isn't an RPG 
topic.

If nothing else, I know there are other things coming up that will require 
encryption and now I have a working program to use as a base for something 
production level.

Matt

-----Original Message-----
From: Walden H. Leverich [mailto:WaldenL@xxxxxxxxxxxxxxx]
Sent: Tuesday, October 05, 2004 12:28 PM
To: RPG programming on the AS400 / iSeries
Subject: RE: CIPHER'n problem


>For an upcoming project, I need to store some encrypted data in 
>a cookie which has me looking at using the CIPHER MI 
>instruction to do this. 

OK, I know this isn't what you asked, but I can't resist... WHY? You
shouldn't be saving anything in a cookie that needs to be encrypted. If
you're saving any personal information (name, credit card #, SSN, etc.)
in the cookie, please don't. If you're saving the key to your
server-side files that contain that information then why bother
encrypting it? 

-Walden


------------
Walden H Leverich III
President & CEO
Tech Software
(516) 627-3800 x11
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com 

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
 

--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.


