[Techtalk] php plain text password in /tmp

Maria McKinley maria at shadlen.org
Wed Oct 10 22:44:30 UTC 2007


Recently it has come to my attention that the pmwiki built-in user 
authentication system uses php, and that php is configured to save 
session information in /tmp/, which includes passwords in plain text. 
How big of a security risk is this (sounds pretty bad to me...), and 
does anyone know what can be done about it?
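
A check an administrator could run for the situation described above, as an added example that is not part of the original post: it audits a PHP session directory for files whose permission bits allow group or other access and for top-level session keys that look like stored credentials. It assumes PHP's default `php` session serialize handler (`name|serialized-value`); the key-name fragments and the sample files are constructed for illustration.

```python
import os
import re
import stat
import tempfile

# Top-level keys written by PHP's default "php" session serialize handler
# look like name|<serialized value>, one after another.
KEY_RE = re.compile(rb'(?:^|[;}])([A-Za-z_]\w*)\|')
# Heuristic key-name fragments (an assumption; adjust to the application audited).
SUSPECT = (b"pass", b"pw", b"secret")

def audit_session_dir(path):
    """Return (filename, issue) tuples for PHP session files under path."""
    findings = []
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        if not name.startswith("sess_") or not os.path.isfile(full):
            continue
        mode = stat.S_IMODE(os.stat(full).st_mode)
        if mode & 0o077:
            findings.append((name, "group/other permission bits set"))
        with open(full, "rb") as fh:
            data = fh.read()
        # Heuristic scan: may also match text inside string values.
        for key in KEY_RE.findall(data):
            if any(s in key.lower() for s in SUSPECT):
                findings.append((name, "credential-like key: " + key.decode()))
    return findings

def demo():
    """Build a constructed session directory and audit it."""
    d = tempfile.mkdtemp()
    samples = {
        # Constructed sample data, not taken from a real pmwiki install.
        "sess_aaa": (b'user|s:5:"alice";password|s:6:"hunter";', 0o644),
        "sess_bbb": (b'lang|s:2:"en";', 0o600),
    }
    for name, (body, mode) in samples.items():
        p = os.path.join(d, name)
        with open(p, "wb") as fh:
            fh.write(body)
        os.chmod(p, mode)
    return audit_session_dir(d)

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

On a real host, call `audit_session_dir()` on the directory named by `session.save_path`, running as a user allowed to read the session files.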


