What is the best way to store username and SHA1 login for an intranet application?
Is session relatively secure way to hold information like multidomain info, username and password hash? I keep them as Session["data"] = customObject()
Do I need to do any additional step to make those data secure? Is there a potential security problem or hole which can be compromised? Some kind of session injection? Should I use some privatekey process to lock/open session data for reading?
See Question&Answers more detail:os