On Mon, Mar 8, 2010 at 9:47 PM, Michal Čihař michal@cihar.com wrote:
Hi
Dne Mon, 8 Mar 2010 21:35:08 +0530 Rohit Kalhans rohit.kalhans@gmail.com napsal(a):
Please pardon my ignorance if this question is too trivial but what
exactly
is the problem in storing sensitive user information in the Session variables. I mean is it only that when running on a local machine someone might see the password in the temporary session file generated in the
temp
folder or something else?
The problem is that on shared hosting, foreign PHP scripts can have access to the session data and steal other users credentials (unless there is something like suexec or similar solution separating users).
Oh, didn't thought of that
thanx for that reply
-- Michal Čihař | http://cihar.com | http://blog.cihar.com
Download Intel® Parallel Studio Eval Try the new software tools for yourself. Speed compiling, find bugs proactively, and fine-tune applications for parallel performance. See why Intel Parallel Studio got high marks during beta. http://p.sf.net/sfu/intel-sw-dev _______________________________________________ Phpmyadmin-devel mailing list Phpmyadmin-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/phpmyadmin-devel