Is Storing Cookies in a Database Safe?
Posted
by viatropos
on Stack Overflow
See other posts from Stack Overflow
or by viatropos
Published on 2010-04-20T12:38:06Z
Indexed on
2010/04/20
12:43 UTC
Read the original article
Hit count: 170
If I use mechanize, I can, for instance, create a new google analytics profile for a website. I do this by programmatically filling out the login form and storing the cookies in the database. Then, for at least until the cookie expires, I can access my analytics admin panel without having to enter my username and password again.
Assuming you can't create a new analytics profile any other way (with OpenAuth or any of that, I don't think it works for actually creating a new Google Analytics profile, the Analytics API is for viewing the data, but I need to create an new analytics profile), is storing the cookie in the database a bad thing?
If I do store the cookie in the database, it makes it super easy to programatically login to Google Analytics without the user ever having to go to the browser (maybe the app has functionality that says "user, you can schedule a hook that creates a new anaytics profile for each new domain you create, just enter your credentials once and we'll keep you logged in and safe"). Otherwise I have to keep transferring around emails and passwords which seems worse.
So is storing cookies in the database safe?
© Stack Overflow or respective owner