[thelist] Security when managing online sessions

Scott Dexter sgd at ti3.com
Tue Dec 4 17:25:02 CST 2001


> 128-bit encrypted, can I carelessly throw information like usernames and
> passwords across the net and into session vars (cookies)

Session variables are not sent across the net in the first place (what
is sent is a SessionID cookie, and that is a lookup key for the
information in server memory). The cookie would be encrypted, so I'd say
you would get away with it.

Oh, but you might wanna encrypt at least the pwds in the db...

sgd
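
The mechanism described in the reply above, as an added example that is not part of the original post: the cookie carries only an opaque session ID, the session variables stay in server memory, and the stored password is protected in the user table. The in-memory stores, the function names, the sample account and the choice of a salted PBKDF2 hash for the stored password are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# Hypothetical in-memory stores standing in for server memory and the user table.
SESSIONS = {}   # session id -> session variables (never leaves the server)
USERS = {}      # username -> (salt, derived key); no plaintext password is kept


def hash_password(password, salt):
    # Salted PBKDF2-HMAC-SHA256 is this example's choice for stored passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)


def register(username, password):
    salt = secrets.token_bytes(16)
    USERS[username] = (salt, hash_password(password, salt))


def login(username, password):
    """Return a Set-Cookie header value on success, None on failure."""
    record = USERS.get(username)
    if record is None:
        return None
    salt, stored = record
    if not hmac.compare_digest(stored, hash_password(password, salt)):
        return None
    sid = secrets.token_urlsafe(32)          # opaque, unguessable lookup key
    SESSIONS[sid] = {"username": username}   # session variables stay server-side
    # Secure keeps the cookie on the TLS connection; HttpOnly hides it from script.
    return f"SessionID={sid}; Path=/; Secure; HttpOnly"


def session_from_cookie(cookie_header):
    """Resolve a request's Cookie header to the server-side session variables."""
    for part in cookie_header.split(";"):
        name, _, value = part.strip().partition("=")
        if name == "SessionID":
            return SESSIONS.get(value)       # unknown or forged IDs resolve to None
    return None


if __name__ == "__main__":
    register("alice", "correct horse")       # constructed sample account
    set_cookie = login("alice", "correct horse")
    print(set_cookie)                        # only the session ID is in the header
    print(session_from_cookie(set_cookie.split(";")[0]))
```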



