[Techtalk] php plain text password in /tmp
maria at shadlen.org
Wed Oct 10 22:51:51 UTC 2007
Maria McKinley wrote:
> Recently it has come to my attention that the pmwiki built-in user
> authentication system uses php, and that php is configured to save
> session information in /tmp/, which includes passwords in plain text.
> How big of a security risk is this (sounds pretty bad to me...), and
> does anyone know what can be done about it?
> Techtalk mailing list
> Techtalk at linuxchix.org
Nevermind, I think I figured out how to have it encrypted.
More information about the Techtalk