[pmwiki-devel] session contains password in plaintext ?!
pmwiki-devel.10.kompjuta at spamgourmet.com
pmwiki-devel.10.kompjuta at spamgourmet.com
Fri Nov 17 00:31:22 CST 2006
Hello,
is it needed that the session contain the password in plaintext ?
Should be a loginname in the session enough to validate the
user/browser combination!?
IsAuthorized() than have to differ two cases:
1. session exist->AuthId=loginname
2. session not exist-> ask for login+password
No plain passwords are saved on serverside.
Falk
--
[root at Linux] chown linux.users /world
More information about the pmwiki-devel
mailing list