From: Net D. <net...@ya...> - 2004-04-20 15:46:33
I finally put it all together (sorry for my slowness) and determined that this code breaks when blowfish is used as the crypt algorithm vs. the default 'des'. Our sysadmins changed it to blowfish on new machines. Problem is, blowfish can return different results for the same crypt $pw, $salt depending on which user runs it, which shell runs it, which machine runs it, and I imagine many other variables -- just imagine the multiple apache processes that are part of a web session. So you can't use crypt $pw, $salt and expect to get common results.

I think the only thing to do (other than enforcing 'des') is to store everything encrypted and then use (crypt ($plain, $encrypted) eq $encrypted), as suggested by perldoc. True, I should be doing this anyway but it hadn't percolated to the top of my list, until now. :)

Thanks for all your time in troubleshooting this. I'll post anything new that comes about as I learn it.

David
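The comparison the message takes from perldoc, written out as an added example that is not part of the original post. The helper names (random_salt_chars, hash_password, verify_password) and the sample password are made up for illustration, and the script assumes /dev/urandom exists and that the local crypt(3) accepts the '$6$' (SHA-512) prefix, as glibc and libxcrypt do.

```perl
use strict;
use warnings;

my @SET = ('.', '/', 0 .. 9, 'A' .. 'Z', 'a' .. 'z');   # 64 salt characters

# Random salt characters from the kernel CSPRNG (assumes /dev/urandom exists)
sub random_salt_chars {
    my ($len) = @_;
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, $len) == $len or die "short read from urandom";
    close $fh;
    return join '', map { $SET[ ord($_) % 64 ] } split //, $bytes;
}

# Hash a new password. $prefix selects the scheme the local crypt(3) should
# use: '' = traditional DES (2-character salt), '$6$' = SHA-512.
sub hash_password {
    my ($plain, $prefix) = @_;
    my $salt = $prefix eq ''
        ? random_salt_chars(2)
        : $prefix . random_salt_chars(16) . '$';
    my $hash = crypt($plain, $salt);
    die "crypt(3) on this system does not support prefix '$prefix'\n"
        unless defined $hash && $hash !~ /^\*/ && length($hash) > length($salt);
    return $hash;
}

# Verify by passing the stored hash as the salt argument: crypt() reads the
# scheme and salt back out of it, so the salt is never handled separately.
sub verify_password {
    my ($plain, $stored) = @_;
    my $check = crypt($plain, $stored);
    return defined $check && $check eq $stored;
}

my $pw     = 'correct horse';            # constructed sample password
my $stored = hash_password($pw, '$6$');  # what would go into the database
my $again  = hash_password($pw, '$6$');  # same password, fresh random salt

print "stored: $stored\n";
print "again : $again\n";
print "re-hash with a new salt equals stored? ",
      ($again eq $stored ? "yes" : "no"), "\n";
print "verify, correct password: ",
      (verify_password($pw, $stored) ? "accepted" : "rejected"), "\n";
print "verify, wrong password:   ",
      (verify_password('wrong', $stored) ? "accepted" : "rejected"), "\n";
```

Because only the stored string is ever fed back to crypt(), the same verify_password works unchanged for hashes created under 'des', blowfish or any other scheme the system's crypt(3) can read.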