Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
987 views
in Technique[技术] by (71.8m points)

encryption - Storing sensitive information in session

We are developing a banking app where a sensitive information field would need to be required to be stored in session. (not all sensitive info field, just one).

EDIT: By session, we dont mean in a cookie. Its in the back end session attribute of the application. By the way our app is Java Spring MVC

My question is, from a security perspective, do we still need to encrypt these info when stored in session? We are using HTTPS anyway.

question from:https://stackoverflow.com/questions/65878644/storing-sensitive-information-in-session

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)
Waitting for answers

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...