Store everything in the database in an encrypted form.
Stuart Dallas wrote:
On 22 Dec 2011, at 19:34, Paul M Foster wrote:
I have concerns that the items in a session buffer can be copied and
used to spoof legitimate logins. This is harder to do when the info is
held in a database.
On 12/22/2011 10:05 AM, Paul M Foster wrote:
Not sure how to ask this question... I've always eschewed consulting a
database on page loads to determine if a user is logged in, primarily
because of latency issues. For example, you could store a nonce like the
session ID in a table for a user
On Thu, Dec 22, 2011 at 12:55:41PM -0500, Al wrote:
On 12/22/2011 10:05 AM, Paul M Foster wrote:
Not sure how to ask this question... I've always eschewed consulting a
database on page loads to determine if a user is logged in, primarily
because of latency issues. For example, you could
On 22 Dec 2011, at 19:34, Paul M Foster wrote:
I have concerns that the items in a session buffer can be copied and
used to spoof legitimate logins. This is harder to do when the info is
held in a database.
Storing stuff in a database is no more secure, it simply requires one single
extra
On 12/22/2011 2:54 PM, Stuart Dallas wrote:
On 22 Dec 2011, at 19:34, Paul M Foster wrote:
I have concerns that the items in a session buffer can be copied and
used to spoof legitimate logins. This is harder to do when the info is
held in a database.
Storing stuff in a database is no more