storing`passwords in cookies

Discussion in 'ASP .Net' started by Jason, Dec 29, 2003.

  1. Jason

    Jason Guest

    I have a .net application with forms authentication. I
    need to store the password entered at the login screen for
    later use. I can either store it in a session object or in
    the forms authentication ticket. I think the ticket is the
    right place because the password is a property of the
    user, and therefore part of the identity. I know it will
    be encrypted before it is written to the cookie but is
    this the right answer? How safe is the password?
     
    Jason, Dec 29, 2003
    #1
    1. Advertising

  2. Anytime you send something out to the client, there is a possibility of
    compromise. While it is slim, you should consider it. In general, I create a
    user object and use it to store reused variables. It can be placed in
    session. I would not put the password, as you should not need it agani.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    **********************************************************************
    Think Outside the Box!
    **********************************************************************
    "Jason" <> wrote in message
    news:056901c3cdf2$e836c8b0$...
    > I have a .net application with forms authentication. I
    > need to store the password entered at the login screen for
    > later use. I can either store it in a session object or in
    > the forms authentication ticket. I think the ticket is the
    > right place because the password is a property of the
    > user, and therefore part of the identity. I know it will
    > be encrypted before it is written to the cookie but is
    > this the right answer? How safe is the password?
     
    Cowboy \(Gregory A. Beamer\), Dec 29, 2003
    #2
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. VB Programmer

    Storing passwords in database

    VB Programmer, Nov 29, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    675
    Andy G
    Nov 29, 2004
  2. toton
    Replies:
    11
    Views:
    737
    toton
    Oct 13, 2006
  3. Jonathan Wood
    Replies:
    1
    Views:
    530
    Jonathan Wood
    Jun 2, 2008
  4. _Who
    Replies:
    7
    Views:
    2,768
  5. Paul Hadfield

    Accessing Active Directory and Storing Passwords

    Paul Hadfield, Jun 13, 2007, in forum: ASP .Net Security
    Replies:
    1
    Views:
    224
    Joe Kaplan
    Jun 14, 2007
Loading...

Share This Page