Passwords and Cookies in Servlets - 4b

Jeremy Medford
Ranch Hand

Joined: Jan 16, 2007
Posts: 44
Hi All,

I'm getting back into the saddle here after a few months out to pasture and had a couple questions regarding Servlets 4b.
It mentions the method to retrieve values from a Cookie. But, the instructions do not mention what we should do with this value.

Are we supposed to compare the value of the cookie to some expected value? In this case it is a password. But the only way to do that is to store the password as a string when it is entered. I thought it was not a good idea to store passwords in this way.

Am I missing something or did you have something different in mind?
paul wheaton

Joined: Dec 14, 1998
Posts: 20972

Never store passwords in cookies.

In fact, when you get a little more skill under your belt, you should never store a password ever. But that is another discussion for another day.

What you are going to do is to store something in the cookie that is your own personal proof that you know that you wrote that, not some hacker. For the sake of this assignment, response.addCookie( new Cookie("favorite_cheese", "extra stinky bloo cheese") ); is acceptable. For the real world when the data does not have particularly great value, writing "dfwegx", "94tuw62k" is probably good enough. For higher security, you might work in an obfuscated time/date algorithm with a CRC or rich hash.
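The "proof that you wrote that" idea from the reply above, sketched as an added example that is not part of the original thread or the assignment: the cookie carries a user name and expiry time plus an HMAC-SHA256 tag made with a server-side key. HMAC is used here in place of the CRC or plain hash the post mentions, because an unkeyed checksum can be recomputed by anyone who edits the cookie. The class and method names, the `user|expiry` layout and the sample users are assumptions.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class SignedCookieDemo {   // hypothetical class, not from the assignment
    static final Base64.Encoder ENC = Base64.getUrlEncoder().withoutPadding();
    static final Base64.Decoder DEC = Base64.getUrlDecoder();

    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // Cookie value layout (assumed): base64url("user|expiryEpochSeconds") "." base64url(tag)
    static String issue(byte[] key, String user, long expiresAt) throws Exception {
        String payload = ENC.encodeToString((user + "|" + expiresAt).getBytes(StandardCharsets.UTF_8));
        return payload + "." + ENC.encodeToString(hmac(key, payload));
    }

    // Returns the user name when the tag matches and the token is unexpired, otherwise null.
    static String verify(byte[] key, String token, long now) throws Exception {
        int dot = (token == null) ? -1 : token.indexOf('.');
        if (dot < 0) return null;
        String payload = token.substring(0, dot);
        byte[] given;
        try { given = DEC.decode(token.substring(dot + 1)); }
        catch (IllegalArgumentException e) { return null; }   // tag is not valid base64url
        // Check the tag before parsing anything; isEqual compares in constant time.
        if (!MessageDigest.isEqual(hmac(key, payload), given)) return null;
        String text = new String(DEC.decode(payload), StandardCharsets.UTF_8);
        int bar = text.lastIndexOf('|');
        return now < Long.parseLong(text.substring(bar + 1)) ? text.substring(0, bar) : null;
    }

    public static void main(String[] args) throws Exception {
        byte[] key = new byte[32];
        new SecureRandom().nextBytes(key);   // server-side secret; never leaves the server
        long now = System.currentTimeMillis() / 1000;
        String token = issue(key, "jeremy", now + 1800);   // constructed sample user
        // A forged payload naming another user, reusing the genuine tag:
        String forged = ENC.encodeToString(("admin|" + (now + 1800)).getBytes(StandardCharsets.UTF_8)) + token.substring(token.indexOf('.'));
        System.out.println("genuine: " + verify(key, token, now));
        System.out.println("expired: " + verify(key, token, now + 3600));
        System.out.println("forged:  " + verify(key, forged, now));
    }
}
```

In a servlet the token would be the value passed to `new Cookie(name, token)`, and `verify` would run on the value read back from the request; the token uses only base64url characters and a dot, so it needs no extra cookie escaping.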
