kurupt_89
Reputation: 1592
session variables classic asp and passwords
Is it safe to store user inputted passwords in session variables which are used in the connection strings to sql server. If not why and what would be a better way of doing this? The passwords are used to read from sql server.
Upvotes: 0
Views: 496
Answers (1)
Andomar
Reputation: 238126
Session state is stored on the server. There is no way for a client to access or change session state, except through code you provide.
The "gold standard" of password storage is to store just the hashed password. But that's not an option if you need the password to connect to the database. So storing it in the session seems like the best way to go.
Upvotes: 1
Related Questions
- How to share ASP classic session variable from ASP to VB6?
- passing session variables from asp code to C# code
- Session Variables Issue in IE8 and Classic ASP
- ASP USER LOGIN SCRIPT
- Using Session values inside VBScript
- How Can I Use Classic ASP Session Object in ASP.NET to Read Session Variables
- Session Variable Attached to String
- Classic ASP Session Variables Lost on Windows Server 2008 R2 / IIS 7
- classic asp password validation sql
- classic asp connection