[pmwiki-users] PmWIki AuthUser passwords stored in clear in PHPsession files

Christophe David pmwiki at christophedavid.org
Tue Oct 16 01:18:54 CDT 2007


> > This is not relevant for this topic: we are talking about PHP session
> > files storing passwords in clear.
> The topic isn't necessarily that specific, considering this is the
> pmwiki-users list, not pmwiki-devel.  First, here's the part you
> chopped out...

Sorry if it hurt you.

I have been trying for a while to let appreciate there is a problem
with the passwords stored in clear in PHP session files, and I felt
(wrongly) that your post could just let people think the point could
be solved by storing hashes in config files.

Your reply was a indeed interesting as an answer to Maria's post.

In the mean time, Pm wrote he would solve the PHP session issue very
soon, so everything is fine ;-)

Christophe



More information about the pmwiki-users mailing list