[Techtalk] php plain text password in /tmp
Maria McKinley
maria at shadlen.org
Wed Oct 10 22:51:51 UTC 2007
Maria McKinley wrote:
> Hello,
>
> Recently it has come to my attention that the pmwiki built-in user
> authentication system uses php, and that php is configured to save
> session information in /tmp/, which includes passwords in plain text.
> How big of a security risk is this (sounds pretty bad to me...), and
> does anyone know what can be done about it?
>
> thanks,
> maria
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
Nevermind, I think I figured out how to have it encrypted.
~maria
More information about the Techtalk
mailing list