Reply to Re: [PHP] Storing password in cookie

Your name:

Reply:


Posted by Jason Wong on 04/09/05 17:56

On Saturday 09 April 2005 21:33, trlists@clayst.com wrote:
> On 9 Apr 2005 John Nichel wrote:
> > While it is not absolute that you can't store passwords in a cookie,
> > it is an absolute that you _shouldn't_
>
> Sorry, I don't agree. There are very few absolute rules in software
> development.

But in this case there really is no reason *why* you need to store a
password (encrypted or otherwise).

> I might, depending on
> the needs, store a hash code as others have suggested

Why not in *all* cases?

> Sometimes convenience is far more important. Often risk is.

I can't see where the convenience lies. For you as a developer, you've
already got the necessary code to do the token thing so there is
practically no difference whether you use a token or a password. For the
user, what are they going to do with an encrypted password -- are you
going to tell them how to decrypt in the case that they have forgotten
the password?

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация