On Wed, 2002-10-09 at 08:20, Erik Forsberg wrote: > I could store the users' password in the session, but that feels so > very wrong - from a security point of view, I dont' want to store the > password anywhere if an attacker gains access to the session store.
I'd put this sort of information in a module global -- i.e., in memory. It's fairly secure there (especially compared to something that might get pickled to disk). Treat it like a cache, and then recreate connections or such as necessary. Ian ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Webware-discuss mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/webware-discuss
