I am creating a website that allows users to create accounts and access the contents of the site. I don’t want users to register every time they visit the site, so I plan to store the username and password in a cookie. However, I heard that this is bad practice, even if the password hashed a cookie.
What "best practices" should be followed to safely remember user credentials between visits to my website?
Never do that. Throw passwords in the open.
The safest method:
, - , - - , . , . , , (, 15 ). cookie.
, , , , , , . , cookie. , cookie.
Edit:
. .
. , , . , , , , md5 sha.
, - , , . attacs .. , cookie . 100% .
, https. cookie .
:
IP- . IP- NAT ..
, , .
, , , .
cookie. .
. ?
cookie " ".
However, for sensitive areas of the system, you need to know that the user has entered the system into cached credentials so that you can offer a username / password prompt before allowing them to do any real damage. This can be held as a session-based flag.
Source: https://habr.com/ru/post/1704120/More articles:Video editing tools on the command line - command-lineIs there a TFS tutorial for editing workflow? - tfsfingerprint verification - authenticationДобавить пользовательский сертификат для iphone HTTP API - objective-cStatic variables and methods - javaHow to install python sphinx documentation generator on Linux? - pythonhttps://translate.googleusercontent.com/translate_c?depth=1&pto=aue&rurl=translate.google.com&sl=ru&sp=nmt4&tl=en&u=https://fooobar.com/questions/1704122/alternatives-to-web-application&usg=ALkJrhihOGJ33g_w4Va2-wcGuoGIUWhyeQSyntax highlighting for PXSL? - xmlCall GetObjectData to serialize - c #Creating and displaying a PDF file in Flex / Java - javaAll Articles