I am unclear as to why you want to store a password in session. Why
don't you just pass around some type of validated indication and not
the password. Such as login=true;
----- Original Message -----
From: Lorena Carlo <[EMAIL PROTECTED]>
Date: Friday, October 20, 2000 12:12 pm
Subject: How risky it is to store passwords in a session variable
> Hello all,
>
> Can somebody tell me if there is a risk in declaring a session
> variable that
> contains passwords?.
>
> Thanks in advance
>
> Lorena
>
>
========================================================================
===
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>
===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:
http://java.sun.com/products/jsp/faq.html
http://www.esperanto.org.nz/jsp/jspfaq.html
http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets