So, if somebody gets an ftp account somehow, he will be able to get session vars via a system() command?
----- Original Message ----- From: "Ilia A." <[EMAIL PROTECTED]> To: "Sascha Braun" <[EMAIL PROTECTED]>; "PHP Mailingliste" <[EMAIL PROTECTED]> Sent: Thursday, August 15, 2002 1:27 AM Subject: Re: [PHP] SESSION Security > If a person 'somehow' gains read access to the directory where the sessions > are stored on your server, then yes it is possible for them to get the > session id. > > Ilia > > On August 14, 2002 06:41 pm, Sascha Braun wrote: > > Is it possible that someone from outside can read the session stored > > on my webserver for getting unencrypted password and usernames? > > > > Schura > > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
