
Cookies - security

I have installed the 'Cookies' mod which allows the user to select a tick box when entering the user name and password so that DBMan will insert the text automatically when that user next logs on.

The log files supplied by my service provider contain the user name and password as entered.

Can anyone advise on the possible security problems associated with this and is there any way to encrypt the entries in the log files?

Thanks in advance for any help or advice you can offer.


Keef

Re: Cookies - security
Using client-based cookies (browser) poses many security risks...it is always better to create systems where session/client variables are stored internally within a server log file or database.

Example:

You create a simple cookie with the following information:

UsernameAPasswordADomain

I could go into an end-user's computer, copy the cookie file and put it in my machine, voila...I have access to that end-user's record.

Regards,

Eliot Lee
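
The server-side approach suggested in the reply above, as an added example that is not part of the original thread and is not DBMan code: the cookie carries only a random token, while the user name and expiry stay in a table on the server. The `SessionStore` class, the `sid` cookie name and the 30-minute lifetime are assumptions made for the illustration.

```python
import hashlib
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 30 * 60  # seconds; constructed value for this example


class SessionStore:
    """Server-side session table; the browser never sees the user name or password."""

    def __init__(self):
        self._sessions = {}  # sha256(token) -> (username, expires_at)

    @staticmethod
    def _key(token):
        # Store only a hash, so a leaked table does not yield usable tokens.
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, username, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = (username, now + SESSION_TTL)
        return token

    def lookup(self, token, now=None):
        now = time.time() if now is None else now
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        username, expires_at = entry
        if now >= expires_at:  # expired sessions are dropped on first use
            del self._sessions[self._key(token)]
            return None
        return username

    def revoke(self, token):
        # Logout, or an administrator invalidating a copied cookie.
        self._sessions.pop(self._key(token), None)


def session_cookie_header(token):
    """Value for a Set-Cookie header that holds the opaque token only."""
    cookie = SimpleCookie()
    cookie["sid"] = token
    cookie["sid"]["httponly"] = True   # not readable from page scripts
    cookie["sid"]["secure"] = True     # sent over HTTPS only
    cookie["sid"]["samesite"] = "Strict"
    cookie["sid"]["path"] = "/"
    return cookie["sid"].OutputString()
```

A cookie file copied from the user's machine still works until the session expires or is revoked, but it no longer discloses the password and the server can cut it off.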