Cleartext password in cookies

Hello,

I couldn't help but notice that when I log into OpManager with the "Keep me signed in" box checked, my username and password are saved in plaintext in cookies. Is there a better way something like this might be accomplished? This seems like it could be a pretty big security issue, especially since the cookies aren't even set as Secure.
My knowledge of web security is pretty limited, but I don't feel very comfortable knowing my password is floating around freely, especially if it's a password I use in a number of more critical services.

I am also interested in adding in the Active Directory synching with build 9400. I have yet to try it, but I'm assuming a similar thing would happen if I checked the "Keep me signed in" box. I would be even more worried knowing that my AD username and password were in plaintext as well.

Is there currently anything I can do on the server to secure this information by default? I already have HTTPS enabled on the server, but I'm sure that's not really enough.

Please advise.

Thanks
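
A common alternative to keeping credentials in a "Keep me signed in" cookie, shown as an added example that is not part of the original post and is not OpManager's code: the server issues a random opaque token, stores only its hash, and sets the cookie with `Secure` and `HttpOnly`. The cookie names, the sample password and all function names below are assumptions made for illustration; the audit function flags the two problems the post describes.

```python
import hashlib
import secrets
from urllib.parse import unquote

def audit_set_cookie(header, known_secrets):
    """Return findings for one Set-Cookie header value."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {p.partition("=")[0].lower() for p in parts[1:]}
    findings = []
    # Credential material must never be the cookie value (raw or URL-encoded).
    if any(s and s in (value, unquote(value)) for s in known_secrets):
        findings.append(f"{name}: value is a cleartext credential")
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    return findings

def issue_remember_me(user_id, max_age=14 * 24 * 3600):
    """Create an opaque remember-me token; the server keeps only its hash."""
    token = secrets.token_urlsafe(32)
    record = {"user_id": user_id,
              "token_sha256": hashlib.sha256(token.encode()).hexdigest()}
    header = (f"remember_me={token}; Max-Age={max_age}; Path=/; "
              "Secure; HttpOnly; SameSite=Lax")
    return header, record

def verify_remember_me(token, record):
    """Constant-time comparison of the presented token against the stored hash."""
    digest = hashlib.sha256(token.encode()).hexdigest()
    return secrets.compare_digest(digest, record["token_sha256"])

# Constructed sample data: cookie names and values are illustrative only.
WEAK = ["userName=admin; Path=/", "password=Hunter2%21; Path=/"]
SECRETS = ["Hunter2!"]

if __name__ == "__main__":
    for h in WEAK:
        print(h, "->", audit_set_cookie(h, SECRETS))
    hardened, rec = issue_remember_me("admin")
    print(hardened, "->", audit_set_cookie(hardened, SECRETS))
```

With this design a stolen cookie can be revoked server-side by deleting its record, and it never reveals a password that is reused on other services.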