For the most part, yes, it is fine. Because session variables are maintained on the server, many risks are not a concern.
Ok. So it's more or less safe, at least as long as the server is locked down. But someone, on this list or somewhere else, I don't remember, pointed out that if my site gets a lot of visitors, loading username, password and hostname for MySQL-connections in session variables causes a lot of overhead.
So: What's the best way - in terms of security AND performance - to store and access username, password and hostname for my MySQL connections?
PHP Security Handbook Coming mid-2004
Nice. From which publisher?
-- anders thoresson
-- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php