On Saturday 09 April 2005 21:33, trlists@xxxxxxxxxx wrote:
> On 9 Apr 2005 John Nichel wrote:
> > While it is not absolute that you can't store passwords in a cookie,
> > it is an absolute that you _shouldn't_
>
> Sorry, I don't agree. There are very few absolute rules in software
> development.

But in this case there really is no reason *why* you need to store a password (encrypted or otherwise).

> I might, depending on
> the needs, store a hash code as others have suggested

Why not in *all* cases?

> Sometimes convenience is far more important. Often risk is.

I can't see where the convenience lies. For you as a developer, you've already got the necessary code to do the token thing so there is practically no difference whether you use a token or a password. For the user, what are they going to do with an encrypted password -- are you going to tell them how to decrypt in the case that they have forgotten the password?

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
------------------------------------------
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
------------------------------------------
New Year Resolution: Ignore top posted posts