On 4/9/2005 3:33:50 PM, trlists@xxxxxxxxxx wrote:
> On 9 Apr 2005 John Nichel wrote:
>
> > While it is not absolute that you can't store passwords in a cookie, it
> > is an absolute that you _shouldn't_
>
> Sorry, I don't agree. There are very few absolute rules in software
> development.
>
> For sites accessing sensitive information or that allow spending money,
> I would not store anything in a cookie that permitted a login.
>
> However, for something like a web-based discussion board where I don't
> really care if a person who sits at my computer or a thief who robs my
> house gets access, I think it is not a big deal. I might, depending on
> the needs, store a hash code as others have suggested, or an encrypted
> version of the password, with user permission of course.
>
> There is almost always a tradeoff between convenience and risk.
> Sometimes convenience is far more important. Often risk is.

This certainly has turned out to be an interesting discussion... I usually send the info via sessions... how bad is that?

Thanks,
Ryan

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php