[Phpmyadmin-devel] Themes: Artic Ocean and Smooth Yellow

Michal Čihař michal at cihar.com
Mon Mar 8 17:17:17 CET 2010


Dne Mon, 8 Mar 2010 21:35:08 +0530
Rohit Kalhans <rohit.kalhans at gmail.com> napsal(a):

> Please pardon my ignorance if this question is too trivial but what exactly
> is the problem in storing sensitive user information in the Session
> variables. I mean is it only that when running on a local machine someone
> might see the password in the temporary  session file generated in the temp
> folder or something else?

The problem is that on shared hosting, foreign PHP scripts can have
access to the session data and steal other users credentials (unless
there is something like suexec or similar solution separating users).

	Michal Čihař | http://cihar.com | http://blog.cihar.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: not available
URL: <http://lists.phpmyadmin.net/pipermail/developers/attachments/20100308/278fd564/attachment.sig>

More information about the Developers mailing list