Richard Davey wrote:
Agreed totally, I am curious as to why this question seems to get asked a LOT though. I wonder what it is that causes this? (other than inexperience) I mean there must be some common end result these developers are hoping to obtain, resulting in a password being stashed away in a session var.
What about this scenario? A system developed using procedures / functions to update data without direct table access. Bypassing the single user account from the application to the database (which most web-based apps use), each procedure requires additional parameters (username, password) which then verifies the user (from a user lookup table) before executing the stored procedure. This makes the system more secure in case the web app username and password is breached, which usually has full access to the db.
Of course storing it in a session is a no-no, so what I am trying to get at is, perhaps, a reason for storing the password "somewhere".
Your thoughts Richard? Thanks! Warm Regards Terence
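The scenario in the message above, as an added example that is not part of the original thread: every data-changing routine takes the caller's username and password and checks them against a user lookup table before touching data. The table, column and function names are hypothetical, an in-memory SQLite database stands in for the real one, and a PHP function stands in for the stored procedure; only a salted hash is kept in the lookup table, while the plaintext password has to be supplied on every call.

```php
<?php
// Added illustration; table, column and function names are hypothetical.
// SQLite in memory stands in for the database, and a PHP function stands in
// for the stored procedure, so the sketch runs without a database server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_lookup (username TEXT PRIMARY KEY, pw_hash TEXT NOT NULL)');
$db->exec('CREATE TABLE orders (id INTEGER PRIMARY KEY, status TEXT NOT NULL)');
$db->exec("INSERT INTO orders (id, status) VALUES (1, 'new')");

// Constructed sample user; the lookup table holds a salted hash, never the password.
$ins = $db->prepare('INSERT INTO user_lookup (username, pw_hash) VALUES (?, ?)');
$ins->execute(['terence', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// Hash to verify against when the username is unknown, so that both paths
// perform one password_verify() call.
define('DUMMY_HASH', password_hash('unused', PASSWORD_DEFAULT));

function verify_caller(PDO $db, string $username, string $password): bool
{
    $q = $db->prepare('SELECT pw_hash FROM user_lookup WHERE username = ?');
    $q->execute([$username]);
    $hash = $q->fetchColumn();
    $ok = password_verify($password, $hash === false ? DUMMY_HASH : $hash);
    return $ok && $hash !== false;
}

// Stand-in for one "procedure": the caller's credentials travel with every call.
function update_order_status(PDO $db, string $username, string $password,
                             int $orderId, string $status): bool
{
    if (!verify_caller($db, $username, $password)) {
        return false; // no data is touched for an unverified caller
    }
    $u = $db->prepare('UPDATE orders SET status = ? WHERE id = ?');
    $u->execute([$status, $orderId]);
    return $u->rowCount() === 1;
}

// A wrong password leaves the row unchanged; the correct one updates it.
var_dump(update_order_status($db, 'terence', 'wrong-pw', 1, 'shipped'));
var_dump(update_order_status($db, 'terence', 'constructed-sample-pw', 1, 'shipped'));
var_dump($db->query('SELECT status FROM orders WHERE id = 1')->fetchColumn());
```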