• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Liutauras Vilda
  • Bear Bibeault
  • Junilu Lacar
  • Martin Vashko
Sheriffs:
  • Jeanne Boyarsky
  • Tim Cooke
  • Knute Snortum
Saloon Keepers:
  • Ron McLeod
  • Tim Moores
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Scott Selikoff
  • salvin francis
  • Piet Souris

Password in Cookie

 
Ranch Hand
Posts: 239
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I use firefox browser. With the help of Web Developer plugin I saw the cookies set by the Javaranch site.
I notice the password is being stored in plain text in the cookie.

Is this acceptable? Can it not even be encrypted?

The cookie name starts with ubber.

Where's the security?
 
Ranch Hand
Posts: 8934
Firefox Browser Spring Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes the password is stored in cookie and it is visible when you open the cookie. JR is not so secure.
 
Rancher
Posts: 43011
76
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, it's not ideal, but it's what the current software supports.

On the other hand, even an encrypted cookie would not stop someone else who's sitting at your machine to use your JR account. If you're on a shared machine, you should delete all cookies (and history etc.) anyway when you're done. Or are you worried about someone snooping the TCP/IP connection, and catching the cookie in transit?
 
Sheriff
Posts: 11343
Mac Safari Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ha! Now I know my password!
 
Without subsidies, chem-ag food costs four times more than organic. Or this tiny ad:
Java file APIs (DOC, XLS, PDF, and many more)
https://products.aspose.com/total/java
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!