On Tue, November 8, 2005 3:48 pm, Tony Di Croce wrote:
> Oops!
>
> I meant SESSION[]! Thanks guys...
>
> So then the question becomes, is storing stuff in SESSION[] insecure? Is
> there any point to encrypting what I store in SESSION[]?

On a shared server, this would be a really Good Idea (tm) if other
users co-hosted on that server can read your session files.

On a dedicated server, it could be considered a Defense in Depth
technique, so that if somebody manages to get logged in, they can't as
quickly and easily start snagging PHP session data...  If that's what
they were after in the first place.

You have to weigh benefits and risks of what you are storing as well.
If all you store about me is that I want "bluesilver" for my Forum
skin, well, whoop-de-doo if somebody else reads that.

If you're storing my PASSWORD in there, and I'm probably using the
same damn stupid password for all these thousand forum logins, then,
yeah, maybe you oughta protect that pretty hard.

PS
Still want to be careful about dumping out $_SESSION in all its glory.

-- 
Like Music?
http://l-i-e.com/artists.htm

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
