
Password in Cookie

Rajah Nagur
Ranch Hand

Joined: Nov 06, 2002
Posts: 239
I use the Firefox browser. With the help of the Web Developer plugin I saw the cookies set by the JavaRanch site.
I notice the password is being stored in plain text in the cookie.

Is this acceptable? Can it not even be encrypted?

The cookie name starts with ubber.

Where's the security?

You can't wake a person who is pretending to be asleep.
Like what "it" does not like - Gurdjieff
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8927

Yes, the password is stored in the cookie and it is visible when you open the cookie. JR is not so secure.

Ulf Dittmer

Joined: Mar 22, 2005
Posts: 42965
Yes, it's not ideal, but it's what the current software supports.

On the other hand, even an encrypted cookie would not stop someone else who's sitting at your machine from using your JR account. If you're on a shared machine, you should delete all cookies (and history etc.) anyway when you're done. Or are you worried about someone snooping the TCP/IP connection, and catching the cookie in transit?
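
Added example (not part of the original thread, and not JavaRanch's code): Python contrasting the password-in-cookie pattern discussed above with a random session token whose hash is kept server-side. The cookie names, the in-memory store, the 14-day lifetime and the sample credentials are assumptions made for illustration.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 14 * 24 * 3600   # assumed session lifetime, in seconds
_sessions = {}                 # sha256(token) -> (user, expiry); stands in for a DB table

def _digest(token):
    # Only a hash of the token is stored, so a leaked table cannot be replayed.
    return hashlib.sha256(token.encode()).hexdigest()

def weak_cookie(user, password):
    """The pattern from the thread: the password itself is the cookie value."""
    c = SimpleCookie()
    c["login"] = f"{user}:{password}"   # "login" is a hypothetical cookie name
    return c["login"].OutputString()

def issue_session_cookie(user, now=None):
    """Hardened form: the cookie carries a random token, never the password."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)
    _sessions[_digest(token)] = (user, now + SESSION_TTL)
    c = SimpleCookie()
    c["session"] = token
    c["session"]["secure"] = True       # sent over HTTPS only (snooping in transit)
    c["session"]["httponly"] = True     # not readable from page scripts
    c["session"]["samesite"] = "Lax"
    c["session"]["max-age"] = SESSION_TTL
    c["session"]["path"] = "/"
    return c["session"].OutputString()

def _token_from(cookie_header):
    c = SimpleCookie()
    c.load(cookie_header)
    return c["session"].value if "session" in c else None

def authenticate(cookie_header, now=None):
    """Return the user for a live session cookie, or None."""
    now = time.time() if now is None else now
    token = _token_from(cookie_header)
    entry = _sessions.get(_digest(token)) if token else None
    return entry[0] if entry and entry[1] >= now else None

def revoke(cookie_header):
    """Logout or suspected theft: the token dies, the password is unaffected."""
    token = _token_from(cookie_header)
    if token:
        _sessions.pop(_digest(token), None)
```

A token of this kind still lets whoever holds the cookie act as the user until it expires or is revoked, but it never exposes the password itself.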
marc weber

Joined: Aug 31, 2004
Posts: 11343

Ha! Now I know my password!

"We're kind of on the level of crossword puzzle writers... And no one ever goes to them and gives them an award." ~Joe Strummer