From mboxrd@z Thu Jan 1 00:00:00 1970 From: "Aaron Yourk" To: yngves@sources.redhat.com Cc: gnats-prs@sourceware.cygnus.com Subject: Re: gnatsweb/201: GNATS Web forces stored cookies rather than temp cookies. Date: Sun, 17 Jun 2001 10:04:00 -0000 Message-id: <20010617170400.7300.qmail@sourceware.cygnus.com> X-SW-Source: 2001-q2/msg00168.html List-Id: The following reply was made to PR gnatsweb/201; it has been noted by GNATS. From: "Aaron Yourk" To: , "Yngve Svendsen" Cc: Subject: Re: gnatsweb/201: GNATS Web forces stored cookies rather than temp cookies. Date: Sun, 17 Jun 2001 11:47:46 -0500 I'm currently working on a way to have a little check box in the web page for Login so that stored cookies are optioinal. I think that this fits the bill better. The only thing I can think of that would be good for the encryption of passwords is to (probably optionally) provide a method of logging in over a secure connection. I realize that this implies that the person has to have a secure web server. This is also something feasible over SSL. There is such a thing as Secure cookies, which are basically cookies for secure web sites. ----- Original Message ----- From: "Yngve Svendsen" To: ; Sent: Thursday, June 14, 2001 10:16 Am Subject: Re: gnatsweb/201: GNATS Web forces stored cookies rather than temp cookies. At 19:38 01.06.2001 +0000, ayourk@ndak.net wrote: >GNATSweb forces the user to use permanent/stored cookies. >It could use temp cookies if the cookies didn't use an expiration >date/time. A patch is provided below: Thanks for the patch. We do, however, want to keep using stored cookies since we want to preserve login data between sessions. I would, however, like to implement encryption of passwords stored in cookies. Any input as to how that could best be done would be appreciated. Yngve Svendsen Gnatsweb maintainer