8 Mar
2010
8 Mar
'10
5:17 p.m.
Hi
Dne Mon, 8 Mar 2010 21:35:08 +0530 Rohit Kalhans rohit.kalhans@gmail.com napsal(a):
Please pardon my ignorance if this question is too trivial but what exactly is the problem in storing sensitive user information in the Session variables. I mean is it only that when running on a local machine someone might see the password in the temporary session file generated in the temp folder or something else?
The problem is that on shared hosting, foreign PHP scripts can have access to the session data and steal other users credentials (unless there is something like suexec or similar solution separating users).
--
Michal Čihař | http://cihar.com | http://blog.cihar.com