[Techtalk] php plain text password in /tmp

Maria McKinley maria at shadlen.org
Wed Oct 10 22:51:51 UTC 2007


Maria McKinley wrote:
> Hello,
> 
> Recently it has come to my attention that the pmwiki built-in user 
> authentication system uses php, and that php is configured to save 
> session information in /tmp/, which includes passwords in plain text. 
> How big of a security risk is this (sounds pretty bad to me...), and 
> does anyone know what can be done about it?
> 
> thanks,
> maria
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk

Nevermind, I think I figured out how to have it encrypted.

~maria


More information about the Techtalk mailing list