Re: How risky it is to store passwords in a session variable

T A Flores Fri, 20 Oct 2000 13:00:37 -0700

I am unclear as to why you want to store a password in session.  Why
don't you just pass around some type of validated indication and not
the password.  Such as login=true;

----- Original Message -----
From: Lorena Carlo <[EMAIL PROTECTED]>
Date: Friday, October 20, 2000 12:12 pm
Subject: How risky it is to store passwords in a session variable

> Hello all,
>
> Can somebody tell me if there is a risk in declaring a session
> variable that
> contains passwords?.
>
> Thanks in advance
>
> Lorena
>
>
========================================================================
===
> To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff
> JSP-INTEREST".
> Some relevant FAQs on JSP/Servlets can be found at:
>
> http://java.sun.com/products/jsp/faq.html
> http://www.esperanto.org.nz/jsp/jspfaq.html
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets
>

===========================================================================
To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
Some relevant FAQs on JSP/Servlets can be found at:

 http://java.sun.com/products/jsp/faq.html
 http://www.esperanto.org.nz/jsp/jspfaq.html
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
 http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets

Re: How risky it is to store passwords in a session variable

Reply via email to