Reply to Re: [PHP] Storing password in cookie

Your name:

Reply:


Posted by Joe Wollard on 04/12/05 20:05

> On a shared server, every other PHP scripter can read your session data,
> if they work at it a little bit.

If you're on a shared server I think a good option for you might be to
store the sessions in your database. At least then you know that as long
as long as your db server doesn't have any security issues your session
data should be safe.

See http://us2.php.net/manual/en/function.session-set-save-handler.php
for more details on building a custom session handler.

Chris Shiflett wrote:

> Richard Lynch wrote:
>
>> On a shared server, every other PHP scripter can read your session data,
>> if they work at it a little bit.
>
>
> You should mention that this is assuming a default configuration.
> There are ways to avoid this.
>
>> For truly sensitive stuff like a CC#, do *NOT* put that in session data.
>> Write your script to get the CC# via SSL, process it, and throw it away,
>> all in one single PHP script.
>
>
> This is good advice, but if there is a business need to store the
> credit card number (for whatever reason), it's not necessarily always
> best to avoid storing it in the session.
>
> Performance considerations can require that you couple its retrieval
> with other session data rather than incur the extra expense. It's just
> one of those things that is a little bit application-specific.
>
> Chris
>

[Back to original message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация