On August 14, 2002 07:03 pm, Sascha Braun wrote: > So, if somebody gets an ftp account somehow, he will be able to get session > vars via a system() command?
If their FTP client allows them to go into the directory where session ids are stored, then that user will be able to see current session ids. On most servers FTP clients are setup to only allow user access to their own home directory. Ilia > > > ----- Original Message ----- > From: "Ilia A." <[EMAIL PROTECTED]> > To: "Sascha Braun" <[EMAIL PROTECTED]>; "PHP Mailingliste" > <[EMAIL PROTECTED]> > Sent: Thursday, August 15, 2002 1:27 AM > Subject: Re: [PHP] SESSION Security > > > If a person 'somehow' gains read access to the directory where the > > sessions > > > are stored on your server, then yes it is possible for them to get the > > session id. > > > > Ilia > > > > On August 14, 2002 06:41 pm, Sascha Braun wrote: > > > Is it possible that someone from outside can read the session stored > > > on my webserver for getting unencrypted password and usernames? > > > > > > Schura > > > > -- > > PHP General Mailing List (http://www.php.net/) > > To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
