This week's book giveaway is in the Spring forum.
We're giving away four copies of Spring in Action (5th edition) and have Craig Walls on-line!
See this thread for details.
Win a copy of Spring in Action (5th edition) this week in the Spring forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Bear Bibeault
  • Devaka Cooray
  • Liutauras Vilda
  • Jeanne Boyarsky
Sheriffs:
  • Knute Snortum
  • Junilu Lacar
  • paul wheaton
Saloon Keepers:
  • Ganesh Patekar
  • Frits Walraven
  • Tim Moores
  • Ron McLeod
  • Carey Brown
Bartenders:
  • Stephan van Hulst
  • salvin francis
  • Tim Holloway

Passwords and Cookies in Servlets - 4b  RSS feed

 
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi All,

I'm getting back into the saddle here after a few months out to pasture and had a couple questions regarding Servlets 4b.
It mentions the method to retrieve values from a Cookie. But, the instructions do not mention what we should do with this value.

Are we supposed to compare the value of the cookie to some expected value? In this case it is a password. But the only way to do that is to store the password as a string when it is entered. I thought it was not a good idea to store passwords in this way.

Am I missing something or did you have something different in mind?
 
Trailboss
Posts: 22855
Firefox Browser IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Never store passwords in cookies.

In fact, when you get a little more skill under your belt, you should never store a password ever. But that is another discussion for another day.

What you are going to do is to store something in the cookie that is your own personal proof that you know that you wrote that, not some hacker. For the sake of this assignment, response.addCookie( new Cookie("favorite_cheese", "extra stinky bloo cheese") ); is acceptable. For the real world when the data does not have particularly great value, writing "dfwegx", "94tuw62k" is probably good enough. For higher security, you might work in an obfuscated time/date algorithm with a CRC or rich hash.

 
Don't get me started about those stupid light bulbs.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!