Secure way to handle pw on session.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



 Hi,

 I noticed session files are kept on /tmp for a while, and even if they were immediately deleted, well, someone could use one of my php scripts to inject code and read them, since they belong to the httpd user.
 What's the best way to receive passwords thru a form and store them in the $_SESSION while I process other information to decide whether or not that user is able to proceed and login (check to see if user is also allowed to use that service, not just validate user/pw)? I use https, always, no plain http is used.

 Thanks

=


-- 
Powered by Outblaze

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[Index of Archives]     [PHP Home]     [Apache Users]     [PHP on Windows]     [Kernel Newbies]     [PHP Install]     [PHP Classes]     [Pear]     [Postgresql]     [Postgresql PHP]     [PHP on Windows]     [PHP Database Programming]     [PHP SOAP]

  Powered by Linux