
Cookies in encrypted form

 
sridhar lakka
Ranch Hand
Posts: 109
Hi All,
Thanks in advance.
I am familiar with normal cookies, like how to add information to a cookie and how to retrieve data from a cookie, but the user/client can change his/her information which is stored in the cookie. To overcome this problem I have to encrypt the cookie information. Could anyone please tell me how we can achieve this, if possible with example code or related sites?
Do we have any limitation on cookie data, like 20K or something?

Regards,
Sree
 
Ben Souther
Sheriff
Posts: 13411
The simplest rule of thumb is not to put anything sensitive in a cookie.

What are you trying to do?
There might be some better alternatives.
 
kelby zorgdrager
Greenhorn
Posts: 12
You might want to explore how sites like Amazon one-click work. Simplistically, instead of putting sensitive data directly in the cookie, put a hashed unique client key. In the code, grab the hashed client key, then look up the client's real information from the DB using the client key.
 
sridhar lakka
Ranch Hand
Posts: 109
Thanks for your reply.
Could you please tell me the site address where I can get some example code or some useful information?
Can we store cookie value in encrypted format or not?

Regards,
Sree
 
Ulf Dittmer
Rancher
Posts: 42968
Several points in no particular order:
  • Ben's question is a good one: why store encrypted data on the client? If you're using cookies anyway, why not make them session cookies, and keep the secret data in a session on the server?
  • The cookie spec specifies what number and size of cookies clients SHOULD support, but that's not guaranteed.
  • Sure you can store encrypted data in cookies. The standard Java API for en-/decryption is called JCE. Note that encrypted data is binary in nature; in order to store it in cookies you'll need to encode it with something like base-64.
