PDA

View Full Version : Remember password in browser and security.



sirioz10
6 Apr 2011, 3:38 AM
Hi,
I'm working on ajax login window and I want the browsers to remember login and password for this form.
After reading some thread about this and I decided to achieve it using the StateManager, therefore by saving values for login and password in a cookie.
Now, all work fine, but a cookie with login and unencrypted password is now sent through any page request.

So, my question is: what about security?

I've read something about md5 and SHA1 encryption methods, but I can't figure how to implement it, since my server side authentication system already use a similar encryption algoritm before saving passwords in db and before checking them.

Anybody have some good suggestion?

Thanks in advance,
Fausto

mitchellsimoens
6 Apr 2011, 6:35 AM
Most browsers support remembering the username and password and it's more secure. To do this you have to have a form already made and make your FormPanel and fields apply to these.

sirioz10
6 Apr 2011, 7:20 AM
Thanks for the response.

I already valuated this solution but, unless I misunderstood, this method work if login and password are sent through the inline form submit, while I must send them through an xmlhttp call.


Let me know if I'm wrong.

Fausto