This week's book giveaway is in the Agile and other Processes forum. We're giving away four copies of The Mikado Method and have Ola Ellnestam and Daniel Brolund on-line! See this thread for details.
I use firefox browser. With the help of Web Developer plugin I saw the cookies set by the Javaranch site. I notice the password is being stored in plain text in the cookie.
Is this acceptable? Can it not even be encrypted?
The cookie name starts with ubber.
Where's the security?
You can't wake a person who is <b><i>pretending</i></b> to be asleep.<br />Like what <b>"it"</b> does not like - <i> Gurdjieff </i>
Yes, it's not ideal, but it's what the current software supports.
On the other hand, even an encrypted cookie would not stop someone else who's sitting at your machine to use your JR account. If you're on a shared machine, you should delete all cookies (and history etc.) anyway when you're done. Or are you worried about someone snooping the TCP/IP connection, and catching the cookie in transit?
0
plain text 
