Security advice needed!

Discussion in 'ASP .Net' started by Smith, Dec 4, 2008.

  1. Smith

    Smith Guest

    Hello Gurus,
    I came across an application where access to every restricted page
    is done by checking a session variable to see if it contains a valid user
    object info. This user object info is stored when a successful login is
    done by checking a list of valid users/password in the database.

    Can someone point out some potential security risks exposed by this method? I
    have the feeling that it doesn't look good but I need to put in scenarios.

    Any comment will be highly appreciated.

    Smith, Dec 4, 2008

  2. Smith

    cowznofsky Guest

    We have an app where the user's password gets used multiple times, so
    we encrypt it using
    and save it in a session variable.

    On the other hand, if you're just saving a security level that you
    determined at login, then maybe this isn't information that needs to
    be saved.
    cowznofsky, Dec 4, 2008
