According to my knowledge cookie.setSecure(true) doesn't encrypt
anything. If you call it then the cookie will be sent only over
a secure connection. So if you have an unsecure connection the cookie
will not be used.

Tamas

On 12/14/05, Deepa Khetan <[EMAIL PROTECTED]> wrote:
>
> Thanks Alexandre!!
> Just a couple of doubts... what do you mean by "It doesn't encrypt the values
> stored on the client. You have to do it yourself." ?? Does that mean that
> the values will be visible in clear text?? How can I check how the data is
> getting encrypted over the network?? Do I need to use some tool for it??
> Actually, before implementing it, I need to tell all the pros and cons for
> secured Cookies to my client. So, I need to do my homework thoroughly.
>
>
>
> On 12/14/05, Alexandre Poitras <[EMAIL PROTECTED]> wrote:
> >
> > If you set this property to true, your cookie will be sent over an
> > HTTP/SSL (https) connection. What it means is that every value to be
> > stored in this cookie is encrypted before being sent on the network.
> > This way, any malicious third party who is *sniffing* the network
> > can't read the values to be stored in this cookie. You should only use
> > it if you store sensitive information in the cookie that you don't want
> > anyone to intercept. But be warned that the cookie can still be
> > accessed by the client, so it isn't the best place to store a password
> > unless you use encrypted values. Cookie.setSecure() only encrypts data
> > sent on the network, which is decrypted by the client when it is
> > received. It doesn't encrypt the values stored on the client. You have
> > to do it yourself.
> >
> > On 12/13/05, Deepa Khetan <[EMAIL PROTECTED]> wrote:
> > > Hi!!
> > > I am not getting any help from the net about this issue. So, posting this
> > > question on this group.
> > > I want to know exactly what difference does it make if I set
> > > Cookie.setSecure(true)?? I am using SSL in my application. What are the
> > > advantages or disadvantages of doing it from a security point of view?
> > >
> > > Please help
> > >
> > > Deepa
> > >
> > >
> >
> >
> > --
> > Alexandre Poitras
> > Québec, Canada
> >
> >
> >
>
>
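
The distinction discussed in this thread, as an added example that is not part of any poster's message: the Secure attribute only restricts which connections carry the cookie, while the stored value stays readable on the client unless the server protects it itself. Assumptions: `java.net.HttpCookie` stands in for the client side so the code runs without a servlet container, `clientWouldSend` is a simplified model of the client's rule, AES-GCM is one possible way to protect the value, and the class name, host and cookie contents are constructed.

```java
import java.net.HttpCookie;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class SecureCookieDemo {
    // Simplified client rule (assumption): a cookie flagged Secure is attached only to https requests.
    static boolean clientWouldSend(HttpCookie c, URI target) {
        return !c.getSecure() || "https".equalsIgnoreCase(target.getScheme());
    }

    // Protect the value itself: AES-GCM, random 12-byte nonce prepended, base64url-encoded.
    static String seal(SecretKey key, String plain) throws Exception {
        byte[] nonce = new byte[12];
        new SecureRandom().nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(128, nonce));
        byte[] ct = c.doFinal(plain.getBytes(StandardCharsets.UTF_8));
        byte[] out = new byte[nonce.length + ct.length];
        System.arraycopy(nonce, 0, out, 0, nonce.length);
        System.arraycopy(ct, 0, out, nonce.length, ct.length);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Server-side inverse of seal(); throws if the cookie value was modified.
    static String open(SecretKey key, String sealed) throws Exception {
        byte[] in = Base64.getUrlDecoder().decode(sealed);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(128, in, 0, 12));
        return new String(c.doFinal(in, 12, in.length - 12), StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed header, as a servlet would emit after cookie.setSecure(true).
        HttpCookie plain = HttpCookie.parse("Set-Cookie: account=4711-demo; Path=/; Secure").get(0);
        System.out.println("sent over http:  " + clientWouldSend(plain, URI.create("http://shop.example/")));
        System.out.println("sent over https: " + clientWouldSend(plain, URI.create("https://shop.example/")));
        System.out.println("readable on the client: " + plain.getValue());

        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey(); // the key never leaves the server
        String sealed = seal(key, "4711-demo");
        System.out.println("Set-Cookie: account=" + sealed + "; Path=/; Secure");
        System.out.println("server recovers: " + open(key, sealed));
    }
}
```

In a real deployment the key would be loaded from server-side configuration rather than generated per run, so that cookies issued before a restart can still be opened.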
