storing`passwords in cookies

Discussion in 'ASP .Net' started by Jason, Dec 29, 2003.

  1. Jason

    Jason Guest

    I have a .net application with forms authentication. I
    need to store the password entered at the login screen for
    later use. I can either store it in a session object or in
    the forms authentication ticket. I think the ticket is the
    right place because the password is a property of the
    user, and therefore part of the identity. I know it will
    be encrypted before it is written to the cookie but is
    this the right answer? How safe is the password?
     
    Jason, Dec 29, 2003
    #1
    1. Advertisements

  2. Anytime you send something out to the client, there is a possibility of
    compromise. While it is slim, you should consider it. In general, I create a
    user object and use it to store reused variables. It can be placed in
    session. I would not put the password, as you should not need it agani.

    --
    Gregory A. Beamer
    MVP; MCP: +I, SE, SD, DBA

    **********************************************************************
    Think Outside the Box!
    **********************************************************************
    "Jason" <> wrote in message
    news:056901c3cdf2$e836c8b0$...
    > I have a .net application with forms authentication. I
    > need to store the password entered at the login screen for
    > later use. I can either store it in a session object or in
    > the forms authentication ticket. I think the ticket is the
    > right place because the password is a property of the
    > user, and therefore part of the identity. I know it will
    > be encrypted before it is written to the cookie but is
    > this the right answer? How safe is the password?
     
    Cowboy \(Gregory A. Beamer\), Dec 29, 2003
    #2
    1. Advertisements

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. VB Programmer

    Storing passwords in database

    VB Programmer, Nov 29, 2004, in forum: ASP .Net
    Replies:
    4
    Views:
    827
    Andy G
    Nov 29, 2004
  2. Alex Nitulescu

    Response.Cookies vs Request.Cookies

    Alex Nitulescu, Feb 3, 2005, in forum: ASP .Net
    Replies:
    1
    Views:
    9,436
    Hans Kesting
    Feb 3, 2005
  3. Andy Fish
    Replies:
    3
    Views:
    6,876
    Fredrik Lindner
    Nov 6, 2003
  4. toton
    Replies:
    11
    Views:
    982
    toton
    Oct 13, 2006
  5. Jonathan Wood
    Replies:
    1
    Views:
    722
    Jonathan Wood
    Jun 2, 2008
  6. _Who
    Replies:
    7
    Views:
    3,164
  7. Paul Hadfield

    Accessing Active Directory and Storing Passwords

    Paul Hadfield, Jun 13, 2007, in forum: ASP .Net Security
    Replies:
    1
    Views:
    336
    Joe Kaplan
    Jun 14, 2007
  8. Brian Burgess

    Storing Cookies

    Brian Burgess, Sep 10, 2003, in forum: ASP General
    Replies:
    4
    Views:
    178
    Mike Moore [MSFT]
    Sep 12, 2003
Loading...