As far as OFBiz is concerned, as long as you use it as intended there is little to worry about - cookie security issues have been addressed. If a user is still concerned about them, they can be directed here:
http://www.us-cert.gov/reading_room/securing_browser/browser_security.html -Adrian --- On Sat, 7/31/10, Michael Wechner <[email protected]> wrote: > From: Michael Wechner <[email protected]> > Subject: Re: username stored in browser cookie? > To: [email protected] > Date: Saturday, July 31, 2010, 1:00 PM > Adrian Crum wrote: > >>> Thanks > >>> > >> Session cookies are totally different and separate > from the > >> very common username cookies. Keep studying. > >> > > > > Also keep in mind that storing the session ID in a > cookie is a security risk too - that session ID can be > hijacked or reused by another user. > > > > yes, but what is the alternative? > > Cheers > > Michael > > > Hence my initial question. Cookies are a security > threat. That's why modern browsers give you the options of > disabling them or removing them when the browser closes. > > > > -Adrian > > > > > > > > > > > >
