Autologin cookie should be encoded with real encryption

XMLWordPrintable

    • Type: Improvement
    • Resolution: Fixed
    • Priority: Medium
    • 0.10
    • Affects Version/s: None
    • None

      The autologin cookie currently isn't encrypted, which is rather alarming considering it contains the user name and password. Instead, it is XOR'ed with character offsets, which is insecure. The text, if we really need to put a user name and password in there, needs to be encrypted with a real encryption algorithm.

            Assignee:
            Don Brown (Inactive)
            Reporter:
            Don Brown (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved:

                Estimated:
                Original Estimate - 2h
                2h
                Remaining:
                Remaining Estimate - 2h
                2h
                Logged:
                Time Spent - Not Specified
                Not Specified