[ic] Login Cookie
Russell Mann
tech at khouse.org
Mon Dec 6 19:36:37 EST 2004
Hello,
A customer complained about setting the username and password in a cookie
for "auto-login." A look at this page:
http://www.icdevgroup.org/i/dev/docfly.html?mv_arg=icconfig05%2e13
Shows this is what happens. Is there a good reason security-wise to use an
md5 hash table or some other form of unique identification for auto-login,
rather than username/password in a cookie?
Anyone else have concerns about this?
Thanks,
Russell Mann
More information about the interchange-users
mailing list