On Mon, Mar 8, 2010 at 9:47 PM, Michal Čihař <michal@cihar.com> wrote:
Hi
Dne Mon, 8 Mar 2010 21:35:08 +0530 Rohit Kalhans <rohit.kalhans@gmail.com> napsal(a):
Please pardon my ignorance if this question is too trivial but what exactly is the problem in storing sensitive user information in the Session variables. I mean is it only that when running on a local machine someone might see the password in the temporary session file generated in the temp folder or something else?
The problem is that on shared hosting, foreign PHP scripts can have access to the session data and steal other users credentials (unless there is something like suexec or similar solution separating users).
Oh, didn't thought of that thanx for that reply
-- Michal Čihař | http://cihar.com | http://blog.cihar.com
------------------------------------------------------------------------------ Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel
-- Rohit Kalhans