Sending this to summarize the discussion we had about it: storing the password in the session isn't a big security issue, since reading values from the session isn't as easy as opitzfamilys thought.
That said, the password is no longer saved in the session in the encryption branch, which will be merged for the next release.

- Robin Appelman

On Thu, Dec 22, 2011 at 12:05, Simon Opitz <[email protected]> wrote:
> Today I found out that the user's password is being stored in the session
> variables in clear text.
> You might want to delete line 197 in user.php to get rid of this security issue
> ;)
>
> opitzfamilys
>
> _______________________________________________
> Owncloud mailing list
> [email protected]
> https://mail.kde.org/mailman/listinfo/owncloud
