Re: [PHP] Storing password in cookie — PHP

You are here: Re: [PHP] Storing password in cookie « PHP « IT news, forums, messages

Posted by trlists on 04/09/05 16:33

On 9 Apr 2005 John Nichel wrote:

> While it is not absolute that you can't store passwords in a cookie, it
> is an absolute that you _shouldn't_

Sorry, I don't agree. There are very few absolute rules in software
development.

For sites accessing sensitive information or that allow spending money,
I would not store anything in a cookie that permitted a login.

However, for something like a web-based discussion board where I don't
really care if a person who sits at my computer or a thief who robs my
house gets access, I think it is not a big deal. I might, depending on
the needs, store a hash code as others have suggested, or an encrypted
version of the password, with user permission of course.

There is almost always a tradeoff between convenience and risk.
Sometimes convenience is far more important. Often risk is.

--
Tom

Navigation:

Next in forum: Re: [PHP] [PHP-INSTALL] Install Problems on Fedora 3
Prev in forum: Re: [PHP] [PHP-INSTALL] Install Problems on Fedora 3
Thread view: Re: [PHP] Storing password in cookie

[Reply to this message]

Удаленная работа для программистов • Как заработать на Google AdSense • England, UK • статьи на английском • PHP MySQL CMS Apache Oscommerce • Online Business Knowledge Base • DVD MP3 AVI MP4 players codecs conversion help

Home • Search • Site Map • Set as Homepage • Add to Favourites

Сайт изготовлен в Студии Валентина Петручека —
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация