[Techtalk] php plain text password in /tmp
gayathri.swa at gmail.com
Wed Oct 10 22:58:32 UTC 2007
There goes Maria talking to herself again ;-)
How did you fix it?
On 10/10/07, Maria McKinley <maria at shadlen.org> wrote:
> Maria McKinley wrote:
> > Hello,
> > Recently it has come to my attention that the pmwiki built-in user
> > authentication system uses php, and that php is configured to save
> > session information in /tmp/, which includes passwords in plain text.
> > How big of a security risk is this (sounds pretty bad to me...), and
> > does anyone know what can be done about it?
> > thanks,
> > maria
> > _______________________________________________
> > Techtalk mailing list
> > Techtalk at linuxchix.org
> > http://mailman.linuxchix.org/mailman/listinfo/techtalk
> Nevermind, I think I figured out how to have it encrypted.
> Techtalk mailing list
> Techtalk at linuxchix.org
More information about the Techtalk