[pmwiki-users] PmWIki AuthUser passwords stored in clear in PHPsession files
Christophe David
pmwiki at christophedavid.org
Fri Oct 12 15:57:56 CDT 2007
> > Indeed, but it does not make it a non-issue ;-)
> To briefly answer the above discussion: the plan is that PmWiki
> will change the way it manages passwords so that they aren't held
> in cleartext in the session data. In addition, there will be an
> $EnableSessionPasswords configuration variable that can be used to
> completely disable PmWiki's storage of passwords in the session.
> I expect these to come out in the next release, hopefully sometime
> within the next week.
That is great news !
Thanks a lot Patrick !
Christophe
More information about the pmwiki-users
mailing list