Re: storing passwords in $_SESSION

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

To: Dan Brow <dan@xxxxxxxxxxxxxxx>
Subject: Re: storing passwords in $_SESSION
From: Philip Hallstrom <php@xxxxxxxxxxxxxxx>
Date: Mon, 10 Oct 2005 11:38:16 -0700 (PDT)
Cc: PHP-Users <php-general@xxxxxxxxxxxxx>
In-reply-to: <1128969811.20697.17.camel@localhost>
List-help: <mailto:php-general-help@lists.php.net>
List-post: <mailto:php-general@lists.php.net>
List-unsubscribe: <mailto:php-general-unsubscribe@lists.php.net>
References: <1128969811.20697.17.camel@localhost>

How secure is it to save a password in $_SESSION.

i.e. $_SESSION['password']

is it safe and is it practical?

Probably not. If you're on a shared server, I could write a PHP script tolook in /tmp and read the contents of every session file there...


-philip

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

References:
- storing passwords in $_SESSION
  - From: Dan Brow

Prev by Date: RE: storing passwords in $_SESSION
Next by Date: Re: storing passwords in $_SESSION
Previous by thread: storing passwords in $_SESSION
Next by thread: Re: storing passwords in $_SESSION
Index(es):
- Date
- Thread

[Index of Archives] [PHP Home] [Apache Users] [PHP on Windows] [Kernel Newbies] [PHP Install] [PHP Classes] [Pear] [Postgresql] [Postgresql PHP] [PHP on Windows] [PHP Database Programming] [PHP SOAP]

Powered by Linux