Reply to Re: [PHP] Storing password in cookie

Your name:

Reply:


Posted by trlists on 04/09/05 16:33

On 9 Apr 2005 John Nichel wrote:

> While it is not absolute that you can't store passwords in a cookie, it
> is an absolute that you _shouldn't_

Sorry, I don't agree. There are very few absolute rules in software
development.

For sites accessing sensitive information or that allow spending money,
I would not store anything in a cookie that permitted a login.

However, for something like a web-based discussion board where I don't
really care if a person who sits at my computer or a thief who robs my
house gets access, I think it is not a big deal. I might, depending on
the needs, store a hash code as others have suggested, or an encrypted
version of the password, with user permission of course.

There is almost always a tradeoff between convenience and risk.
Sometimes convenience is far more important. Often risk is.



--
Tom

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация