[Techtalk] php plain text password in /tmp

Gayathri Swaminathan gayathri.swa at gmail.com
Wed Oct 10 22:58:32 UTC 2007


There goes Maria talking to herself again ;-)

How did you fix it?

Gayathri

On 10/10/07, Maria McKinley <maria at shadlen.org> wrote:
>
> Maria McKinley wrote:
> > Hello,
> >
> > Recently it has come to my attention that the pmwiki built-in user
> > authentication system uses php, and that php is configured to save
> > session information in /tmp/, which includes passwords in plain text.
> > How big of a security risk is this (sounds pretty bad to me...), and
> > does anyone know what can be done about it?
> >
> > thanks,
> > maria
> > _______________________________________________
> > Techtalk mailing list
> > Techtalk at linuxchix.org
> > http://mailman.linuxchix.org/mailman/listinfo/techtalk
>
> Nevermind, I think I figured out how to have it encrypted.
>
> ~maria
> _______________________________________________
> Techtalk mailing list
> Techtalk at linuxchix.org
> http://mailman.linuxchix.org/mailman/listinfo/techtalk
>



-- 
Gayathri Swaminathan
gpgkey: 3EFB3D39
Volunteer, FDP


More information about the Techtalk mailing list