That is a good point.
I use a different directory than /tmp/sessions, and it is only writable by
the httpd user, which is not a user that has logon privileges.
cliff

"Erich L. Markert" wrote:

> >
> > OR if you just want to use a temp storage area then:
> >
> > BEGIN {
> > $ENV{EMBPERL_SESSION_CLASSES} = "FileStore SysVSemaphoreLocker";
> > $ENV{EMBPERL_SESSION_ARGS}    = "Directory=/tmp/sessions";
> > }
>
> Ooh...  This creates a security problem...
>
> It would be better to create a dedicated directory for session storage
> that was owned and read/writable by the apache userid.  Having session
> info in /tmp means ANYONE can read and write to it.

--
___cliff [EMAIL PROTECTED] http://www.genwax.com/
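
A check for the session-directory setup discussed in this thread, added here as an example and not part of either poster's message: it verifies that the directory passed as `Directory=` in `EMBPERL_SESSION_ARGS` is a real directory, owned by the web server's UID, with no group or other permission bits. The function name `audit_session_dir` and its numeric-UID argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the ownership and mode of a session-store directory.
# Usage: audit_session_dir DIR EXPECTED_UID
#   DIR          directory given as Directory=... in EMBPERL_SESSION_ARGS
#   EXPECTED_UID numeric UID of the web server account, e.g. "$(id -u httpd)"
#                (the account name varies by system; that is an assumption)
# Returns 0 when DIR is private to EXPECTED_UID, otherwise prints each
# finding and returns 1.
audit_session_dir() {
    dir=$1
    want_uid=$2
    rc=0

    # A symlink could redirect session files to a location someone else controls.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL: $dir is missing, not a directory, or a symlink"
        return 1
    fi

    # ls -ldn prints e.g. "drwx------ 2 48 48 4096 Jan  1 00:00 /path"
    mode=$(ls -ldn "$dir" | awk '{print $1}')
    uid=$(ls -ldn "$dir" | awk '{print $3}')

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $dir is owned by uid $uid, expected $want_uid"
        rc=1
    fi

    # Characters 5-10 of the mode string are the group and other bits;
    # any of them set means accounts other than the owner can get in.
    rest=$(printf '%s' "$mode" | cut -c5-10)
    if [ "$rest" != "------" ]; then
        echo "FAIL: $dir has mode $mode, which grants group/other access"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK: $dir is private to uid $want_uid"
    fi
    return "$rc"
}
```
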


