wprins
Posted September 28, 2016

Not wanting to nitpick, but I think some warning and/or improvement may be in order in the LoginForm Cookie demo. The demo directly stores the username and password in plaintext cookies. This is not good practice and should not be encouraged via example. For more see:

https://www.troyhunt.com/how-to-build-and-how-not-to-build/
http://security.stackexchange.com/questions/64984/remember-me-cookies-did-i-implement-them-securely
http://security.stackexchange.com/questions/44/how-to-securely-implement-a-remember-me-feature

Edit: Also: https://paragonie.com/blog/2015/04/secure-authentication-php-with-long-term-persistence#title.2

(Would it be possible to host the demos on e.g. a GitHub repository? I'd guess lots of people would be happy to submit pull requests for fixes and improvements to the demo applications?)