permaculture playing cards*
The moose likes Ranch Office and the fly likes Password in Cookie Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » This Site » Ranch Office
Bookmark "Password in Cookie" Watch "Password in Cookie" New topic
Author

Password in Cookie

Rajah Nagur
Ranch Hand

Joined: Nov 06, 2002
Posts: 239
I use firefox browser. With the help of Web Developer plugin I saw the cookies set by the Javaranch site.
I notice the password is being stored in plain text in the cookie.

Is this acceptable? Can it not even be encrypted?

The cookie name starts with ubber.

Where's the security?


You can't wake a person who is <b><i>pretending</i></b> to be asleep.<br />Like what <b>"it"</b> does not like - <i> Gurdjieff </i>
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8898

Yes the password is stored in cookie and it is visible when you open the cookie. JR is not so secure.


Groovy
Ulf Dittmer
Marshal

Joined: Mar 22, 2005
Posts: 39548
    
  27
Yes, it's not ideal, but it's what the current software supports.

On the other hand, even an encrypted cookie would not stop someone else who's sitting at your machine to use your JR account. If you're on a shared machine, you should delete all cookies (and history etc.) anyway when you're done. Or are you worried about someone snooping the TCP/IP connection, and catching the cookie in transit?


Ping & DNS - updated with new look and Ping home screen widget
marc weber
Sheriff

Joined: Aug 31, 2004
Posts: 11343

Ha! Now I know my password!


"We're kind of on the level of crossword puzzle writers... And no one ever goes to them and gives them an award." ~Joe Strummer
sscce.org
 
 
subject: Password in Cookie
 
Similar Threads
Westerns
Regarding Cookies
cookie are the cashed in the browser ???
Adding and retieveing values from Cookie
CookieSSO - Not working