将密码存储在加密的 cookie 中?
[英]Storing a password in an encrypted cookie?
问题描述
I know it is not best practice to store a password in a cookie, even if the data is encrypted.
我知道将密码存储在 cookie 中并不是最佳做法,即使数据已加密。
However, I have a web application that needs to be able to search against Active Directory and, as far as I can tell, it requires that the user first binds using their credentials.但是,我有一个 web 应用程序需要能够搜索 Active Directory,据我所知,它要求用户首先使用他们的凭据进行绑定。 This means that for each search request, I need to pass the user name and password to the DirectoryEntry constructor.这意味着对于每个搜索请求,我需要将用户名和密码传递给 DirectoryEntry 构造函数。
Given these constraints, is there an alternaive to storing the password in a (secure) cookie?鉴于这些限制,是否可以将密码存储在(安全)cookie 中?
In absence of something better (eg getting a service account), the solution that I'm contemplating is either to store the credentials in an encrypted cookie or cache the DirectorySearcher object.在没有更好的东西(例如获取服务帐户)的情况下,我正在考虑的解决方案是将凭据存储在加密的 cookie 中或缓存 DirectorySearcher object。
Thanks谢谢
2 个解决方案
解决方案1
4 已采纳 2011-06-07 07:59:54
You could store the credentials server-side, generate a unique identifier for them, and store this identifier in a cookie.您可以将凭据存储在服务器端,为它们生成唯一标识符,并将此标识符存储在 cookie 中。 You can make the identifier expire if needed.如果需要,您可以使标识符过期。
解决方案2
1 2011-06-08 03:47:33
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.