Hi
On Mon, 8 Mar 2010 21:35:08 +0530
Rohit Kalhans <rohit.kalhans(a)gmail.com> wrote:
> Please pardon my ignorance if this question is too trivial, but what exactly
> is the problem in storing sensitive user information in the Session
> variables? I mean, is it only that when running on a local machine someone
> might see the password in the temporary session file generated in the temp
> folder, or something else?

The problem is that on shared hosting, foreign PHP scripts can have
access to the session data and steal other users' credentials (unless
there is something like suexec or a similar solution separating users).
--
Michal Čihař |
http://cihar.com |
http://blog.cihar.com
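
An added example, not part of the original message and not phpMyAdmin code: a PHP check an account holder on shared hosting can run to see whether the directory holding file-based session data is private to their account. The function names `session_dir` and `audit_session_dir` are hypothetical; the check assumes a POSIX filesystem and treats any group or other permission bit on the directory as shared.

```php
<?php
// Added example: report whether PHP's file-based session directory is
// private to the account running this script.

function session_dir(): string
{
    $path = session_save_path();
    // session.save_path may be "N;/path" or "N;MODE;/path";
    // the directory is always the last field.
    $pos = strrpos($path, ';');
    if ($pos !== false) {
        $path = substr($path, $pos + 1);
    }
    // An empty setting makes the files handler use the system temp directory.
    return $path !== '' ? $path : sys_get_temp_dir();
}

function audit_session_dir(string $dir): array
{
    if (ini_get('session.save_handler') !== 'files') {
        return ['save handler is not "files"; this check does not apply'];
    }
    if (!is_dir($dir)) {
        return ["session directory does not exist: $dir"];
    }
    $findings = [];
    $mode = fileperms($dir) & 07777;
    if ($mode & 0077) {
        // Group/other bits set, e.g. a shared /tmp with mode 1777.
        $findings[] = sprintf('%s has mode %04o: group or other bits are set', $dir, $mode);
    }
    if (function_exists('posix_geteuid') && fileowner($dir) !== posix_geteuid()) {
        $findings[] = "$dir is not owned by the account running this script";
    }
    return $findings;
}

$dir = session_dir();
$findings = audit_session_dir($dir);
echo $findings
    ? implode(PHP_EOL, $findings) . PHP_EOL
    : "$dir is private to this account" . PHP_EOL;
```

A clean result only means the directory itself is private; if every hosted site runs as the same system user (no suexec or similar separation), scripts from other sites still run with the same file access.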