[pmwiki-users] PmWIki AuthUser passwords stored in clear in PHPsession files
Christophe David
pmwiki at christophedavid.org
Tue Oct 16 01:18:54 CDT 2007
> > This is not relevant for this topic: we are talking about PHP session
> > files storing passwords in clear.
> The topic isn't necessarily that specific, considering this is the
> pmwiki-users list, not pmwiki-devel. First, here's the part you
> chopped out...
Sorry if it hurt you.
I have been trying for a while to let appreciate there is a problem
with the passwords stored in clear in PHP session files, and I felt
(wrongly) that your post could just let people think the point could
be solved by storing hashes in config files.
Your reply was a indeed interesting as an answer to Maria's post.
In the mean time, Pm wrote he would solve the PHP session issue very
soon, so everything is fine ;-)
Christophe
More information about the pmwiki-users
mailing list