On Jan 14, 2004, at 3:52 AM, Nadeem Bitar wrote:
A note about storing passwords in cookies.
Encode the password.
Do not store the userid with the password in the cookie, store some id
associated with the user id.
You can generate a one-way hash (MD5) of the contents of the cookie with
a "secret key" only known to the server. This way when you get the
cookie back you can compare it to make sure it wasn't altered.
Many open source Java projects store passwords in cookies insecurely, so beware of that if you are going to use that as reference.
I'm guilty of this - do you have code samples (or articles) of how to MD5-ify a String and get its "secret code?" I've been struggling with this for quite some time - a full example (storing "some id" vs. userid) is even more desirable.
Thanks,
Matt
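
Added example, not part of the original thread and not code from either poster: one way to build the tamper-evident cookie described above in Java. It uses HMAC-SHA256 (`javax.crypto.Mac`) in place of a plain MD5 over the contents plus a secret, and carries only a random opaque id, no password; the class name `SignedCookie`, the `id.tag` cookie layout and the sample key are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added example. Cookie value = "<opaqueId>.<tag>", tag = HMAC-SHA256(serverSecret, opaqueId).
public class SignedCookie {
    private static final Base64.Encoder B64 = Base64.getUrlEncoder().withoutPadding();

    private static byte[] randomBytes(int n) {
        byte[] b = new byte[n];
        new SecureRandom().nextBytes(b);
        return b;
    }

    private static byte[] tag(byte[] secret, String value) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        return mac.doFinal(value.getBytes(StandardCharsets.UTF_8));
    }

    static String sign(byte[] secret, String opaqueId) throws Exception {
        return opaqueId + "." + B64.encodeToString(tag(secret, opaqueId));
    }

    // Returns the opaque id when the tag matches, null when the cookie is altered or malformed.
    static String verify(byte[] secret, String cookie) throws Exception {
        int dot = (cookie == null) ? -1 : cookie.lastIndexOf('.');
        if (dot <= 0) return null;
        String id = cookie.substring(0, dot);
        try {
            byte[] presented = Base64.getUrlDecoder().decode(cookie.substring(dot + 1));
            // MessageDigest.isEqual avoids leaking the match position through timing.
            return MessageDigest.isEqual(tag(secret, id), presented) ? id : null;
        } catch (IllegalArgumentException badBase64) {
            return null;
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = randomBytes(32);                 // constructed; load from server config in practice
        String id = B64.encodeToString(randomBytes(16)); // random id the server maps to the real user
        String cookie = sign(secret, id);
        System.out.println("valid:    " + id.equals(verify(secret, cookie)));
        System.out.println("tampered: " + (verify(secret, "x" + cookie) == null));
    }
}
```

The server keeps the mapping from opaque id to the real user id on its side, so a stolen or inspected cookie reveals neither the user id nor any credential.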

