Is it safe to store user-inputted passwords in session variables which are used in the connection strings to SQL Server? If not, why, and what would be a better way of doing this? The passwords are used to read from SQL Server.
Session state is stored on the server. There is no way for a client to access or change session state, except through code you provide.
The “gold standard” of password storage is to store just the hashed password. But that’s not an option if you need the password to connect to the database. So storing it in the session seems like the best way to go.