Hi there, I did recently read an article about security. Now I absolutly see the need of recoding my authentification procedure on a community site.
There are questions I hoped some of you guys can answer.... 1. Is storing sensitive data like permission level secure in session variables? 2. What could be a good way to session register a user and know which users are online, know their permission level in congungtion with a MySQL db? 3. Is it better to store the needed info about the user in a db table holding all current sessions, or to store it in more than 1 session variable. 4. Maybe someone can relate to a good site dealing with security issuses on this topic. I would really like to avoid that some hacker gets admin access on my website :-) Thanx for any hints, Cheers Andy -- PHP Database Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php