dsn1327 2011-03-08 14:04
浏览 86
已采纳

PHP - 在cookie中存储密码是否安全? [重复]

Possible Duplicate:
PHP storing password in cookie

In a login system, if a user want to stay logged in, then the password needs to be stored in the browser cookie. I have been gone through many previous questions on SO, and found out that its not any secure to store the password in the browser cookie. I wonder if I do sth like

$string = 'snfcikkfbnvekrew';
    $salt = md5($passwrod.$string); 
    $password = md5(sha1(md5("$salt$string$salt")));  //or some other random sequence of encryption functions

I'm just curious to learn what kind of attacks can be performed if someone accesses the cookie?

  • 写回答

6条回答 默认 最新

  • dougong1031 2011-03-08 14:09
    关注

    Why do you need to store the password in the cookie? Why not some other user identifier, such as an internal user ID or some temporary value of some kind?

    "Store" and "password" are two words that should very rarely be used together, and when they are that use should be scrutinized carefully.

    本回答被题主选为最佳回答 , 对您是否有帮助呢?
    评论
查看更多回答(5条)

报告相同问题?

悬赏问题

  • ¥35 平滑拟合曲线该如何生成
  • ¥100 c语言,请帮蒟蒻写一个题的范例作参考
  • ¥15 名为“Product”的列已属于此 DataTable
  • ¥15 安卓adb backup备份应用数据失败
  • ¥15 eclipse运行项目时遇到的问题
  • ¥15 关于#c##的问题:最近需要用CAT工具Trados进行一些开发
  • ¥15 南大pa1 小游戏没有界面,并且报了如下错误,尝试过换显卡驱动,但是好像不行
  • ¥15 自己瞎改改,结果现在又运行不了了
  • ¥15 链式存储应该如何解决
  • ¥15 没有证书,nginx怎么反向代理到只能接受https的公网网站