On Tue, April 12, 2005 8:03 pm, trlists@xxxxxxxxxx said: > On 11 Apr 2005 Chris Shiflett wrote: > >> > > DO NOT STORE PASSWORDS ON USERS COMPUTER >> > >> > A couple of people have stated this but I think it is incorrect. >> >> Please refrain from such speculation, because it does nothing to improve >> the state of security within our community. This idea of storing >> passwords in cookies is absurd. > > Hmmm, sorry, it wasn't speculation but an opinion in response to what I > thought had moved from a practical into a theoretical discussion. I > agree, storing even an encrypted password in a cookie is a poor idea in > most situations. But to me development is about selecting the right > tool and using it the right way for the job at hand, and as a matter of > principle I'm not convinced that a password stored in some form in a > cookie can never, ever be the right tool for any job -- even if it's > the wrong tool for many or most. Some absolutes are absolute. That's why we call them absolutes. This is one of them. If you can think of a single real-life counter-example, feel free to post it, and shock the world. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
