[pmwiki-users] PmWiki AuthUser passwords stored in clear in PHP session files

H. Fox haganfox at users.sourceforge.net
Mon Oct 15 12:21:09 CDT 2007


On 10/12/07, Maria McKinley <parody at u.washington.edu> wrote:
>
> Yes, I suppose if they could look at /tmp they could also look at
> config.php, and get my admin password, which probably should not be
> written out in plain text on the server either.

FWIW cleartext passwords in config.php are avoidable if you use
?action=crypt and paste crypted passwords into the file.

   http://pmwiki.org/wiki/PmWiki/PasswordsAdmin#crypt
   http://php.net/crypt

Hagan
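
An added example, not part of the original post: the cleartext and crypted forms of PmWiki's `$DefaultPasswords['admin']` setting in config.php, followed by a stand-alone check showing that a stored crypt() string is enough to verify a login. The password, the placeholder hash and the helper names `make_crypted` and `check_password` are constructed for illustration.

```php
<?php
// config.php, cleartext form: anyone who can read the file learns the password.
//   $DefaultPasswords['admin'] = crypt('constructed-example-password');
//
// config.php, crypted form: paste the string printed by ?action=crypt.
// The value below is a placeholder, not a real hash.
//   $DefaultPasswords['admin'] = '<string-pasted-from-?action=crypt>';

// Hypothetical helper standing in for what ?action=crypt produces.
// The bcrypt salt format is an assumption made for this example; the
// string your own wiki prints may use a different crypt() scheme.
function make_crypted(string $password): string
{
    // bcrypt expects 22 salt characters from the set ./A-Za-z0-9
    $raw  = base64_encode(random_bytes(16));
    $salt = substr(strtr($raw, '+', '.'), 0, 22);
    return crypt($password, '$2y$10$' . $salt);
}

// Hypothetical verifier: crypt() reads the scheme and salt back out of the
// stored string, so the cleartext never has to be kept on disk.
function check_password(string $attempt, string $stored): bool
{
    return hash_equals($stored, crypt($attempt, $stored));
}

$stored = make_crypted('constructed-example-password');

// The stored string does not contain the password itself.
var_dump(strpos($stored, 'constructed-example-password') === false);

// A correct attempt verifies against the stored string; a wrong one does not.
var_dump(check_password('constructed-example-password', $stored));
var_dump(check_password('wrong-guess', $stored));
```

A crypted string in config.php can still be guessed offline by anyone who can read the file, so file permissions on config.php matter in either form.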


