At 8:05 AM -0400 4/10/07, Eric Butera wrote:
> Did you know sessions are just plain text files sitting on the
> webserver in most cases? So by putting a credit card in the session
> it is actually just cleartext for people to read.

Yes, all files reside somewhere.

Session files reside on the server and are as secure as the server
environment. If someone breaches the server environment, then all
data could be exposed and is an excellent reason why not to store highly
sensitive data there.

Cheers,

tedd
--
-------
http://sperling.com http://ancientstones.com http://earthstones.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
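
The point made in this exchange, as an added example that is not part of the original messages: with PHP's default file-based session handler, whatever goes into `$_SESSION` lands on disk as readable text. The card number is a constructed test value, and `payment_ref` is a hypothetical opaque reference that a payment processor would hand back in place of the card number.

```php
<?php
// Added illustration, run from the PHP CLI. All values are constructed sample data.
ini_set('session.use_cookies', '0');   // CLI run: no cookie to send
ini_set('session.cache_limiter', '');  // and no cache headers

// Private scratch directory so the demo does not touch real session files.
$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);
session_save_path($dir);

// Store $data in the session, flush it, and return the raw bytes on disk.
function rawSessionFile(string $dir, array $data): string
{
    session_start();
    $_SESSION = $data;
    $id = session_id();
    session_write_close();             // forces the write to sess_<id>
    return file_get_contents("$dir/sess_$id");
}

$pan = '4111111111111111';             // constructed test card number

// What the thread warns about: the full number is stored in the session.
$risky = rawSessionFile($dir, ['card' => $pan]);

// Alternative: keep only what later pages need to display or look up.
$safer = rawSessionFile($dir, [
    'card_last4'  => substr($pan, -4),
    'payment_ref' => 'ref_EXAMPLE123', // hypothetical processor reference
]);

echo "risky file: $risky\n";
echo "safer file: $safer\n";
echo 'full number on disk (risky): ', var_export(strpos($risky, $pan) !== false, true), "\n";
echo 'full number on disk (safer): ', var_export(strpos($safer, $pan) !== false, true), "\n";

// Clean up the scratch directory.
array_map('unlink', glob("$dir/sess_*"));
rmdir($dir);
```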