[Haskell-cafe] ANN: Nomyx 0.1 beta, the game where you can change the rules
Corentin Dupont
corentin.dupont at gmail.com
Wed Feb 27 20:20:20 CET 2013
hash is reversible or not?
On Wed, Feb 27, 2013 at 8:18 PM, Clark Gaebel <cgaebel at uwaterloo.ca> wrote:
> You could just hash it.
>
> - Clark
>
>
> On Wed, Feb 27, 2013 at 2:08 PM, Corentin Dupont <
> corentin.dupont at gmail.com> wrote:
>
>> So I need to "encrypt" the user ID in some way? What I need is to
>> associate the user ID to a random number and store the association is a
>> table?
>>
>>
>>
>> On Wed, Feb 27, 2013 at 3:52 PM, Erik Hesselink <hesselink at gmail.com>wrote:
>>
>>> Note that cookies are not the solution here. Cookies are just as user
>>> controlled as the url, just less visible. What you need is a session
>>> id: a mapping from a non-consecutive, non-guessable, secret token to
>>> the user id (which is sequential and thus guessable, and often exposed
>>> in urls etc.). It doesn't matter if you then store it in the url or a
>>> cookie. Cookies are just more convenient.
>>>
>>> Erik
>>>
>>> On Wed, Feb 27, 2013 at 3:30 PM, Corentin Dupont
>>> <corentin.dupont at gmail.com> wrote:
>>> > Yes, having a cookie to keep track of the session if something I plan
>>> to do.
>>> >
>>> > On Wed, Feb 27, 2013 at 3:16 PM, Mats Rauhala <mats.rauhala at gmail.com>
>>> > wrote:
>>> >>
>>> >> The user id is not necessarily the problem, but rather that you can
>>> >> impose as another user. For this, one solution is to keep track of a
>>> >> unique (changing) user token in the cookies and use that for verifying
>>> >> the user.
>>> >>
>>> >> --
>>> >> Mats Rauhala
>>> >> MasseR
>>> >>
>>> >> -----BEGIN PGP SIGNATURE-----
>>> >> Version: GnuPG v1.4.10 (GNU/Linux)
>>> >>
>>> >> iEYEARECAAYFAlEuFVQACgkQHRg/fChhmVMu3ACeLLjbluDQRYekIA2XY37Xbrql
>>> >> tH0An1eQHrLLxCjHHBQcZKmy1iYxCxTt
>>> >> =tf0d
>>> >> -----END PGP SIGNATURE-----
>>> >>
>>> >>
>>> >> _______________________________________________
>>> >> Haskell-Cafe mailing list
>>> >> Haskell-Cafe at haskell.org
>>> >> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>> >>
>>> >
>>> >
>>> > _______________________________________________
>>> > Haskell-Cafe mailing list
>>> > Haskell-Cafe at haskell.org
>>> > http://www.haskell.org/mailman/listinfo/haskell-cafe
>>> >
>>>
>>
>>
>> _______________________________________________
>> Haskell-Cafe mailing list
>> Haskell-Cafe at haskell.org
>> http://www.haskell.org/mailman/listinfo/haskell-cafe
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.haskell.org/pipermail/haskell-cafe/attachments/20130227/69e98722/attachment.htm>
More information about the Haskell-Cafe
mailing list