Re: Storing password in cookie

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Richard Lynch wrote:
On a shared server, every other PHP scripter can read your session data,
if they work at it a little bit.

You should mention that this is assuming a default configuration. There are ways to avoid this.


For truly sensitive stuff like a CC#, do *NOT* put that in session data.
Write your script to get the CC# via SSL, process it, and throw it away,
all in one single PHP script.

This is good advice, but if there is a business need to store the credit card number (for whatever reason), it's not necessarily always best to avoid storing it in the session.


Performance considerations can require that you couple its retrieval with other session data rather than incur the extra expense. It's just one of those things that is a little bit application-specific.

Chris

--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux