An alternative is to encrypt the token secret.  Keep the encrypted
secret on the server and the encryption key in a cookie.

- Scott


On Feb 17, 9:27 am, John Meyer <john.l.me...@gmail.com> wrote:
> On 2/17/2010 5:32 AM, Dmitri Snytkine wrote:
>
> > Just wondering, is it a bad practice for a web-based app to store
> > user's token and secret in cookies?
> > This would of course simplify and speed up the login, but is it a
> > security risk?
>
> When you boil it down, everything done to increase accessibility is a
> security risk.  I would think that if you keep your consumer key pair on
> the server there is little problem with this.
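
Scott's suggestion at the top of this message, sketched as an added example (not code from anyone in the thread): the server keeps only the ciphertext of the token secret, and the cookie carries only the key, so neither side alone yields the secret. AES-256-GCM, the in-memory `SERVER_STORE`, the function names and the binding of each record to a user id are assumptions made for the illustration.

```ruby
require 'openssl'

# Hypothetical stand-in for the server-side table (user id => encrypted record).
SERVER_STORE = {}

# Encrypt the OAuth token secret under a fresh random key.
# The ciphertext stays on the server; the returned hex key is the cookie value
# (assumed to be sent as a Secure, HttpOnly cookie and never stored server-side).
def seal_token_secret(user_id, token_secret, store = SERVER_STORE)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  key = cipher.random_key
  iv  = cipher.random_iv
  cipher.auth_data = user_id.to_s # bind the record to this user
  ct = cipher.update(token_secret) + cipher.final
  store[user_id] = { iv: iv, tag: cipher.auth_tag, ct: ct }
  key.unpack1('H*')
end

# Recover the token secret from the stored record plus the key in the cookie.
# Returns nil for a missing record, a malformed cookie, a wrong key, or a
# record that was altered or moved to another user (GCM tag check fails).
def open_token_secret(user_id, cookie_value, store = SERVER_STORE)
  rec = store[user_id]
  return nil unless rec && cookie_value.to_s.match?(/\A\h{64}\z/)

  d = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  d.key = [cookie_value].pack('H*')
  d.iv = rec[:iv]
  d.auth_tag = rec[:tag]
  d.auth_data = user_id.to_s
  (d.update(rec[:ct]) + d.final).force_encoding(Encoding::UTF_8)
rescue OpenSSL::Cipher::CipherError
  nil
end

if __FILE__ == $PROGRAM_NAME
  secret = 'constructed-token-secret-123' # constructed sample value
  cookie = seal_token_secret(42, secret)
  puts "cookie holds key only:  #{cookie}"
  puts "server holds ciphertext: #{SERVER_STORE[42][:ct].unpack1('H*')}"
  puts "both together:           #{open_token_secret(42, cookie)}"
  puts "wrong cookie:            #{open_token_secret(42, '0' * 64).inspect}"
end
```

A stolen cookie still unlocks the secret for anyone who can present it to the server, so this limits exposure from a server-side data leak or a cookie read in isolation, not from session hijacking.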
