We are developing a banking app where a sensitive information field would need to be required to be stored in session. (not all sensitive info field, just one).
EDIT: By session, we dont mean in a cookie. Its in the back end session attribute of the application. By the way our app is Java Spring MVC
My question is, from a security perspective, do we still need to encrypt these info when stored in session? We are using HTTPS anyway.
question from:
https://stackoverflow.com/questions/65878644/storing-sensitive-information-in-session 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
