Cookies in encrypted form

 
Ranch Hand
Posts: 109
Hi All,
Thanks in advance.
I am familiar with normal cookies, like how to add information to a cookie and how to retrieve data from a cookie, but the user/client can change his/her information which is stored in the cookie. To overcome this problem I have to encrypt the cookie information. Could anyone please tell me how we can achieve this, if possible with example code or related sites?
Do we have any limitation on cookie data, like 20K or something?

Regards,
Sree
 
Sheriff
Posts: 13411
The simplest rule of thumb is not to put anything sensitive in a cookie.

What are you trying to do?
There might be some better alternatives.
 
Greenhorn
Posts: 12
You might want to explore how sites like Amazon One-Click work. Simplistically, instead of putting sensitive data directly in the cookie, put a hashed unique client key. In the code, grab the hashed client key, then look up the client's real information from the DB using the client key.
 
sridhar lakka
Ranch Hand
Posts: 109
Thanks for your reply.
Could you please tell me the site address where I can get some example code or some useful information?
Can we store cookie value in encrypted format or not?

Regards,
Sree
 
Rancher
Posts: 43045
Several points in no particular order:
  • Ben's question is a good one: why store encrypted data on the client? If you're using cookies anyway, why not make them session cookies, and keep the secret data in a session on the server?
  • The cookie spec specifies what number and size of cookies clients SHOULD support, but that's not guaranteed.
  • Sure you can store encrypted data in cookies. The standard Java API for en-/decryption is called JCE. Note that encrypted data is binary in nature; in order to store it in cookies you'll need to encode it with something like base-64.
