So, if somebody gets an ftp account somehow, he will be able to get session
vars via a system() command?
----- Original Message -----
From: "Ilia A." <[EMAIL PROTECTED]>
To: "Sascha Braun" <[EMAIL PROTECTED]>; "PHP Mailingliste"
Sent: Thursday, August 15, 2002 1:27 AM
Subject: Re: [PHP] SESSION Security
> If a person 'somehow' gains read access to the directory where the
> are stored on your server, then yes it is possible for them to get the
> session id.
> On August 14, 2002 06:41 pm, Sascha Braun wrote:
> > Is it possible that someone from outside can read the session stored
> > on my webserver for getting unencrypted password and usernames?
> > Schura
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php