Matt,

Moved to Web400.

-Walden 


------------
Walden H Leverich III
President & CEO
Tech Software
(516) 627-3800 x11
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com 

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
 
-----Original Message-----
From: rpg400-l-bounces@xxxxxxxxxxxx
[mailto:rpg400-l-bounces@xxxxxxxxxxxx] On Behalf Of Haas, Matt
Sent: Tuesday, 05 October, 2004 13:55
To: RPG programming on the AS400 / iSeries
Subject: RE: CIPHER'n problem

I know better than to save credit card or SSN information in a cookie
(encrypted or not). Basically, what we did is switch from basic
authentication to using forms and I've been asked for the site to
remember the login information so the customers don't need to type in
their user id and password (basically, the same functionality the
"remember me" check box in the basic auth dialog gives you). If my
thinking's correct, this will be better security than what we had with
basic auth since login information will be passed both to and from the
server encrypted instead of Base64 encoded. If you have better ideas
about accomplishing this, I'd love to hear them but we should either go
off-list or switch to either Web-400 or Ignite/400 since it really isn't
an RPG topic.

If nothing else, I know there are other things coming up that will
require encryption and now I have a working program to use as a base for
something production level.

Matt

-----Original Message-----
From: Walden H. Leverich [mailto:WaldenL@xxxxxxxxxxxxxxx]
Sent: Tuesday, October 05, 2004 12:28 PM
To: RPG programming on the AS400 / iSeries
Subject: RE: CIPHER'n problem


>For an upcoming project, I need to store some encrypted data in 
>a cookie which has me looking at using the CIPHER MI 
>instruction to do this. 

OK, I know this isn't what you asked, but I can't resist... WHY? You
shouldn't be saving anything in a cookie that needs to be encrypted. If
you're saving any personal information (name, credit card #, SSN, etc.)
in the cookie, please don't. If you're saving the key to your
server-side files that contain that information then why bother
encrypting it? 

-Walden


------------
Walden H Leverich III
President & CEO
Tech Software
(516) 627-3800 x11
WaldenL@xxxxxxxxxxxxxxx
http://www.TechSoftInc.com 

Quiquid latine dictum sit altum viditur.
(Whatever is said in Latin seems profound.)
 

--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing
list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.


--
This is the RPG programming on the AS400 / iSeries (RPG400-L) mailing
list
To post a message email: RPG400-L@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/rpg400-l
or email: RPG400-L-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/rpg400-l.



As an Amazon Associate we earn from qualifying purchases.

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.