Thanks Alexandre!! Just couple of doubts... what do u mean by "It doesn't encrypt the values stored on the client. You have to do it yourself." ?? Does that mean that the values will be visible in clear text?? How can i check how the data is getting encrypted over the network?? Do i need to use some tool for it?? Actually, before implementing it, i need to tell all the pros and cons for secured Cookies to my client. So, i need to do my homework thoroughly.
On 12/14/05, Alexandre Poitras <[EMAIL PROTECTED]> wrote: > > If you set this property to true, your cookie will be sent over an > HTTP/SSL (https) connection. What it means is that every value to be > stored in this cookie are encrypted before being sent on the network. > This way, any malicious third party who are *sniffing* the network > can't read the values to be stored in this cookie. You should only use > it if you store sensible information in the cookie that you don't want > anyone to intercept. But be warned that the cookie can still be > accessed by the client, so it isn't the best place to store password > unless you use encrypted values. Cookie.setSecure() only encrypt data > sent on the network wich are decrypted by the client when they are > received. It doesn't encrypt the values stored on the client. You have > to do it yourself. > > On 12/13/05, Deepa Khetan <[EMAIL PROTECTED]> wrote: > > Hi!! > > I am not geting any help from net about this issue. So, postin this > question > > on this group. > > I want to know exactly what difference does it make if i set > > Cookie.setSecure(true)?? I am using SSL in my application. What are the > > advantages or disadvantages of doing it from security point of view. > > > > Please help > > > > Deepa > > > > > > > -- > Alexandre Poitras > Québec, Canada > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > >
