
Password in Cookie

 
Rajah Nagur
Ranch Hand
Posts: 239
I use the Firefox browser. With the help of the Web Developer plugin I saw the cookies set by the JavaRanch site.
I notice the password is being stored in plain text in the cookie.

Is this acceptable? Can it not even be encrypted?

The cookie name starts with ubber.

Where's the security?
 
Pradeep bhatt
Ranch Hand
Posts: 8927
Firefox Browser Java Spring
Yes, the password is stored in the cookie and it is visible when you open the cookie. JR is not so secure.
 
Ulf Dittmer
Rancher
Posts: 42967
73
Yes, it's not ideal, but it's what the current software supports.

On the other hand, even an encrypted cookie would not stop someone else who's sitting at your machine from using your JR account. If you're on a shared machine, you should delete all cookies (and history etc.) anyway when you're done. Or are you worried about someone snooping the TCP/IP connection, and catching the cookie in transit?
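
An added example, not part of any post in this thread and not JavaRanch's code: a common alternative to keeping the password in the cookie is a random login token that the server stores only as a hash. A copied cookie still logs in until it is revoked, as noted above, but it never reveals the password, and the `Secure` flag keeps it off unencrypted connections. The cookie name `login` and the in-memory `TOKENS` store are assumptions for illustration.

```python
import hashlib
import secrets
from http.cookies import SimpleCookie

# Hypothetical in-memory store: sha256(token) -> username.
# A real site would keep this in its database.
TOKENS = {}


def _digest(token: str) -> str:
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


def issue_login_cookie(username: str, max_age: int = 14 * 24 * 3600) -> str:
    """Return a Set-Cookie header value carrying a random token, never the password."""
    token = secrets.token_urlsafe(32)      # 256 bits from the OS CSPRNG
    TOKENS[_digest(token)] = username      # the server keeps only the hash
    cookie = SimpleCookie()
    cookie["login"] = token                # hypothetical cookie name
    cookie["login"]["max-age"] = max_age
    cookie["login"]["path"] = "/"
    cookie["login"]["secure"] = True       # sent over HTTPS only
    cookie["login"]["httponly"] = True     # not readable by page scripts
    cookie["login"]["samesite"] = "Lax"
    return cookie["login"].OutputString()


def user_for_cookie(cookie_header: str):
    """Map a Cookie request header to a username, or None if the token is unknown."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "login" not in jar:
        return None
    return TOKENS.get(_digest(jar["login"].value))


def revoke(cookie_header: str) -> None:
    """Logout: forget the token so a copied cookie stops working."""
    jar = SimpleCookie()
    jar.load(cookie_header)
    if "login" in jar:
        TOKENS.pop(_digest(jar["login"].value), None)
```
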
 
marc weber
Sheriff
Posts: 11343
Java Mac Safari
Ha! Now I know my password!
 