Hi,

Either way is not 100% secure unless you use HTTPS. However, a disadvantage of passing via URL parameter is that there is a possibility that URL parameters may be printed in logs, which is insecure.

On Fri, Nov 28, 2014 at 9:05 AM, Sameera Jayaratna <[email protected]> wrote:

> Hi,
>
> I'm working on Password recovery for ES, following [1].
>
> According to [1], in the sequence of calls to the
> UserInformationRecoveryService, the key generated in one call needs to be
> passed to the next call for verification. These calls occur in different
> views, so we need to pass the keys from one view to the next.
>
> What is the best way to do this?
>
> - passing as URL parameters?
> - storing them in the session?
>
> Are there any security concerns related to either approach?
> Or is there a better way to do this?
>
> Any thoughts on this would be helpful.
>
> Thank you,
> Sameera
>
> [1] https://docs.wso2.com/display/IS500/Recover+with+Secret+Questions
>
> --
> Thanks & Regards,
> Sameera Jayaratna
> Software Engineer; WSO2 Inc.
> lean . enterprise . middleware | http://wso2.com
>
> _______________________________________________
> Dev mailing list
> [email protected]
> http://wso2.org/cgi-bin/mailman/listinfo/dev

--
Udara Liyanage
Software Engineer
WSO2, Inc.: http://wso2.com
lean. enterprise. middleware
web: http://udaraliyanage.wordpress.com
phone: +94 71 443 6897
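
The logging concern raised in the reply above, shown as an added example that is not part of the thread or of any WSO2 code: a filter that redacts key-bearing query parameters from access-log lines before they are stored. The parameter names `confirmation` and `key`, the function names and the sample log line are assumptions made for illustration.

```javascript
// Added example. Parameter names below are assumed, not taken from WSO2.
const SENSITIVE = new Set(["confirmation", "key"]);

// Redact values of sensitive query parameters in a request target,
// leaving the path, other parameters and their original encoding untouched.
function redactTarget(target, sensitive = SENSITIVE) {
  const hashAt = target.indexOf("#");
  const fragment = hashAt === -1 ? "" : target.slice(hashAt);
  const noFrag = hashAt === -1 ? target : target.slice(0, hashAt);
  const qAt = noFrag.indexOf("?");
  if (qAt === -1) return target; // no query string, nothing to redact
  const path = noFrag.slice(0, qAt);
  const query = noFrag.slice(qAt + 1).split("&").map((pair) => {
    const eq = pair.indexOf("=");
    const rawName = eq === -1 ? pair : pair.slice(0, eq);
    let name;
    try {
      // Decode so that "%6Bey" or "KEY" is still recognised as "key".
      name = decodeURIComponent(rawName.replace(/\+/g, " ")).toLowerCase();
    } catch (e) {
      name = rawName.toLowerCase(); // malformed escape: compare the raw name
    }
    return sensitive.has(name) && eq !== -1 ? rawName + "=REDACTED" : pair;
  }).join("&");
  return path + "?" + query + fragment;
}

// Redact the request target inside a Common Log Format style line.
function redactLogLine(line, sensitive = SENSITIVE) {
  return line.replace(/"([A-Z]+) (\S+) (HTTP\/[\d.]+)"/,
    (m, method, target, proto) =>
      `"${method} ${redactTarget(target, sensitive)} ${proto}"`);
}

// Constructed sample line (address, user and key value are made up).
const SAMPLE = '203.0.113.7 - - [28/Nov/2014:09:05:00 +0530] ' +
  '"GET /recover/questions?user=alice&confirmation=3f9c-constructed HTTP/1.1" 200 512';
console.log(redactLogLine(SAMPLE));
```

A filter like this only covers logs it is applied to; keeping the key in the server-side session means it never reaches a request line at all.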
