[Techtalk] php plain text password in /tmp
maria at shadlen.org
Wed Oct 10 23:18:03 UTC 2007
Well, still working on it, but I need to put something approximating
this in config.php:
$DefaultPasswords['edit'] = crypt('id:*');
Unfortunately, I don't have the syntax correct yet. The unencrypted
$DefaultPasswords['edit'] = 'id:*';
Gayathri Swaminathan wrote:
> There goes Maria talking to herself again ;-)
> How did you fix it?
> On 10/10/07, Maria McKinley <maria at shadlen.org> wrote:
> Maria McKinley wrote:
> > Hello,
> > Recently it has come to my attention that the pmwiki built-in user
> > authentication system uses php, and that php is configured to save
> > session information in /tmp/, which includes passwords in plain text.
> > How big of a security risk is this (sounds pretty bad to me...), and
> > does anyone know what can be done about it?
> > thanks,
> > maria
> > _______________________________________________
> > Techtalk mailing list
> > Techtalk at linuxchix.org <mailto:Techtalk at linuxchix.org>
> > http://mailman.linuxchix.org/mailman/listinfo/techtalk
> Never mind, I think I figured out how to have it encrypted.
> Gayathri Swaminathan
> gpgkey: 3EFB3D39
> Volunteer, FDP
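
The exposure raised in the original question, as an added example that is not part of the thread: a shell audit of a PHP session directory that reports whether other users can enter it, how many sess_* files group or other can read, and how many hold a password-like key. The sample files are constructed and the "authpw" key name is an assumption.

```shell
#!/bin/sh
# Added example: audit a PHP session directory for readable,
# credential-bearing session files. Usage: sh audit.sh [DIR]

# True if users other than the owner can enter the directory (as with /tmp).
dir_is_shared() {
    [ -n "$(find "$1" -prune -perm -001)" ]
}

# Number of sess_* files that group or other can read.
count_exposed() {
    find "$1" -maxdepth 1 -type f -name 'sess_*' \
        \( -perm -040 -o -perm -004 \) | wc -l | tr -d ' '
}

# Number of session files holding a key whose name looks like a password
# field. PHP's default handler writes "name|serialized-value" pairs.
count_credential_files() {
    grep -liE '(^|[;}])[a-z0-9_]*(pass|pw)[a-z0-9_]*[|]' "$1"/sess_* \
        2>/dev/null | wc -l | tr -d ' '
}

# Constructed sample: one world-readable file with a password-like key
# ("authpw" is an assumed key name), one owner-only file without one.
make_sample() {
    d=$(mktemp -d) || return 1
    chmod 755 "$d"
    printf 'authpw|a:1:{s:6:"secret";i:1;}' > "$d/sess_constructed1"
    printf 'lang|s:2:"en";' > "$d/sess_constructed2"
    chmod 644 "$d/sess_constructed1"
    chmod 600 "$d/sess_constructed2"
    echo "$d"
}

audit_sessions() {
    if dir_is_shared "$1"; then
        echo "$1: other users can enter this directory"
    fi
    echo "$1: $(count_exposed "$1") session file(s) readable by group/other"
    echo "$1: $(count_credential_files "$1") session file(s) with password-like keys"
}

# With no argument, audit the constructed sample instead of a real directory.
audit_sessions "${1:-$(make_sample)}"
```

Pointing session.save_path at a directory that only the web server account can enter (mode 700) clears the first finding.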