[pmwiki-users] PmWIki AuthUser passwords stored in clear in PHPsession files

Christophe David pmwiki at christophedavid.org
Fri Oct 12 15:57:56 CDT 2007


> > Indeed, but it does not make it a non-issue ;-)

> To briefly answer the above discussion:  the plan is that PmWiki
> will change the way it manages passwords so that they aren't held
> in cleartext in the session data.  In addition, there will be an
> $EnableSessionPasswords configuration variable that can be used to
> completely disable PmWiki's storage of passwords in the session.
> I expect these to come out in the next release, hopefully sometime
> within the next week.

That is great news !

Thanks a lot Patrick !

Christophe



More information about the pmwiki-users mailing list