I am considering storing a user-entered password in session state. Are there any security risks or issues that I need to be aware of?
Yes. This is just a really bad idea. You shouldn’t even store passwords in a database – best practice is to store hashes of passwords instead. So you can validate the password but if somebody gets access to the database (or session state in your case), they don’t actually have the user’s password.
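The approach the answer describes, as an added example that is not part of the original answer: the stored record holds a salted hash, login validates against it, and the session keeps only the user identifier. The function names, the dict-based `session` and `USERS` store, and the choice of PBKDF2-HMAC-SHA256 with this iteration count are assumptions made for the sketch.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; tune it for your own hardware.
ITERATIONS = 600_000


def hash_password(password: str) -> str:
    """Return 'salt_hex$hash_hex'; the plaintext password is never stored."""
    salt = os.urandom(16)  # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, hash_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), bytes.fromhex(salt_hex), ITERATIONS
    )
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


def login(users: dict, session: dict, username: str, password: str) -> bool:
    """On success the session records who logged in, not what they typed."""
    stored = users.get(username)
    if stored is None or not verify_password(password, stored):
        return False
    session["user"] = username  # identifier only; the password is not kept
    return True


# Constructed sample data: one user record as it would sit in the database.
USERS = {"alice": hash_password("correct horse battery staple")}

if __name__ == "__main__":
    session = {}
    print(login(USERS, session, "alice", "correct horse battery staple"), session)
```
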