I've seen this done. I think (could be wrong) that Minivend, or was it
Perlshop, does something like this.
I, personally, always get nervous (call me paranoid) when data is
residing off a directory that is accessible by the httpd daemon - one admin
configuration mistake and voilà! instant access to sensitive material.
Jon Brisbin wrote:
>
> > Why not pass back the session key and forget the ../tmp portion of the
> > URL?
>
> I was just thinking out loud...
>
> ...saying that if you happened to know a valid session id (very unlikely,
> since it uses cookies), it's still not possible to view the contents of the
> session file in a browser because the server would try to execute that file
> and give a 500 error...so storing session data in ~/httpd/cgi-bin/tmp is
> pretty safe it would seem to me...just thinking out loud :-)
>
> jb
--
__________________________________________________________
Mr. Erich L. Markert [EMAIL PROTECTED]
Computer Learning Center TEL (914)422-4328
Pace University
1 Martine Ave
White Plains, New York 10606-1932
Those who do not understand Unix are condemned to reinvent it, poorly.
-- Henry Spencer
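
An added example, not part of the original messages: one way to check the concern raised in this thread, that a session directory sits under a path the web server serves or is readable by other accounts. The function name `audit_session_dir` and the directory layout in `demo()` are constructed for illustration.

```python
import os
import stat
import tempfile
from pathlib import Path

def audit_session_dir(session_dir, served_roots):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    real = Path(session_dir).resolve()  # follow symlinks before comparing
    for root in served_roots:
        root_real = Path(root).resolve()
        if real == root_real or root_real in real.parents:
            findings.append(f"{real} is inside served root {root_real}")
    mode = stat.S_IMODE(os.stat(real).st_mode)
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"{real} mode {mode:03o} allows group/other access")
    return findings

def demo():
    """Constructed layout: httpd/cgi-bin/tmp, a symlink to it, a private dir."""
    with tempfile.TemporaryDirectory() as base:
        docroot = Path(base, "httpd")
        exposed = docroot / "cgi-bin" / "tmp"
        private = Path(base, "sessions")
        alias = Path(base, "sess-link")
        exposed.mkdir(parents=True)
        private.mkdir()
        os.chmod(exposed, 0o755)
        os.chmod(private, 0o700)
        os.symlink(exposed, alias)  # configured path outside, target inside
        served = [docroot, docroot / "cgi-bin"]
        return (audit_session_dir(exposed, served),
                audit_session_dir(alias, served),
                audit_session_dir(private, served))

if __name__ == "__main__":
    bad, via_link, good = demo()
    print("cgi-bin/tmp:", bad)
    print("symlinked  :", via_link)
    print("private dir:", good)
```

The check only covers the path handed to it; it does not search the served roots for symlinks that point at an outside session directory.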