It really depends on your company's or your customer's auditors and if they
view this as a security exposure.

-----Original Message-----
From: Lorena Carlo [mailto:[EMAIL PROTECTED]]
Sent: Friday, October 20, 2000 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: How risky it is to store passwords in a session variable


Hello all, thanks for the answers, but you haven't really answered whether it is
dangerous to do this or not.  The reason why I want to do this is for
validating a user after he has accessed the program. I want him to re-enter
the password for some operations, and I don't want to access the database
again, so I want to validate it with the session variable.

Please answer the question, and give alternatives if this is dangerous.

Thanks in advance

Lorena
----- Original Message -----
From: T A Flores <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, October 20, 2000 3:01 PM
Subject: Re: How risky it is to store passwords in a session variable


> I am unclear as to why you want to store a password in session.  Why
> don't you just pass around some type of validated indication and not
> the password?  Such as login=true;
>
> ----- Original Message -----
> From: Lorena Carlo <[EMAIL PROTECTED]>
> Date: Friday, October 20, 2000 12:12 pm
> Subject: How risky it is to store passwords in a session variable
>
> > Hello all,
> >
> > Can somebody tell me if there is a risk in declaring a session
> > variable that contains passwords?
> >
> > Thanks in advance
> >
> > Lorena
> >
> >
> > ===========================================================================
> > To unsubscribe: mailto [EMAIL PROTECTED] with body: "signoff JSP-INTEREST".
> > Some relevant FAQs on JSP/Servlets can be found at:
> >
> > http://java.sun.com/products/jsp/faq.html
> > http://www.esperanto.org.nz/jsp/jspfaq.html
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=JSP
> > http://www.jguru.com/jguru/faq/faqpage.jsp?name=Servlets