Re: Doubt regarding session_destroy() in PHP 5

On Wed, Jul 22, 2009 at 2:46 PM, Ashley Sheridan <ash@xxxxxxxxxxxxxxxxxxxx> wrote:

> On Wed, 2009-07-22 at 03:45 +0700, Lenin wrote:
>
> > As Floyd suggested keeping your sessions in the DB will give you better
> > session management and security as well.
>
> Why would putting the session data in a database offer more security?
> I'm not meaning to try and poke holes in your idea, I genuinely don't
> know the answer!

*Storing Session Data In A Database*
When you use on-disk files to store session data, those files must be
readable and writeable by PHP. On a multi-user hosting system, it is
possible for other users to access your session data through the PHP process
(but see the commentary on open_basedir in part 5 of this series). The best
way to secure your session data is to store it in a database.

source: http://www.acunetix.com/websitesecurity/php-security-6.htm

I have also studied Zend Certification Study guide by Davey Shafik and Ben
Ramsey who said similar things in the book.


Lenin

http://twitter.com/nine_L
