So, the system() command allows a user only to start services in his own home directory?
----- Original Message -----
From: "Ilia A." <[EMAIL PROTECTED]>
To: "Sascha Braun" <[EMAIL PROTECTED]>; "PHP Mailingliste" <[EMAIL PROTECTED]>
Sent: Thursday, August 15, 2002 1:36 AM
Subject: Re: [PHP] SESSION Security

> On August 14, 2002 07:03 pm, Sascha Braun wrote:
> > So, if somebody gets an ftp account somehow, he will be able to get session
> > vars via a system() command?
>
> If their FTP client allows them to go into the directory where session ids are
> stored, then that user will be able to see current session ids. On most
> servers FTP clients are set up to only allow user access to their own home
> directory.
>
> Ilia
>
> > ----- Original Message -----
> > From: "Ilia A." <[EMAIL PROTECTED]>
> > To: "Sascha Braun" <[EMAIL PROTECTED]>; "PHP Mailingliste"
> > <[EMAIL PROTECTED]>
> > Sent: Thursday, August 15, 2002 1:27 AM
> > Subject: Re: [PHP] SESSION Security
> >
> > > If a person 'somehow' gains read access to the directory where the
> > > sessions are stored on your server, then yes it is possible for them
> > > to get the session id.
> > >
> > > Ilia
> > >
> > > On August 14, 2002 06:41 pm, Sascha Braun wrote:
> > > > Is it possible that someone from outside can read the session stored
> > > > on my webserver for getting unencrypted password and usernames?
> > > >
> > > > Schura
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
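
The exposure discussed in this thread, read access to the session directory, can be checked on a server with a short script. This is an added example, not part of the original messages; the function names `session_store_path` and `audit_session_store` are hypothetical, and it assumes PHP's default file-based session handler on a POSIX filesystem with sessions stored directly in the save path (no subdirectory depth).

```php
<?php
// Added example, not from the thread. Assumes the default "files" session
// handler on a POSIX filesystem with session.save_path depth 0.

function session_store_path(): string
{
    // save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
    $parts = explode(';', (string) ini_get('session.save_path'));
    $path  = trim(end($parts));
    // An empty setting makes the files handler use the system temp directory.
    return $path !== '' ? $path : sys_get_temp_dir();
}

function audit_session_store(string $dir): array
{
    if (!is_dir($dir)) {
        return ["$dir: not a directory"];
    }
    $findings = [];
    $mode = fileperms($dir) & 07777;
    // Session files are named sess_<id>, so listing the directory reveals ids.
    if ($mode & 0004) {
        $findings[] = sprintf('%s (%04o): any local account can list session ids', $dir, $mode);
    }
    if ($mode & 0040) {
        $findings[] = sprintf('%s (%04o): group members can list session ids', $dir, $mode);
    }
    // Readable session files expose the stored variables, not only the id.
    $readable = 0;
    foreach (glob($dir . '/sess_*') ?: [] as $file) {
        if ((fileperms($file) & 07777) & 0044) {
            $readable++;
        }
    }
    if ($readable > 0) {
        $findings[] = "$readable session file(s) readable by group or other";
    }
    return $findings;
}

$dir = session_store_path();
$findings = audit_session_store($dir);
echo "session store: $dir\n";
echo $findings ? implode("\n", $findings) . "\n" : "no group/other read access found\n";
```

Run it under the same PHP configuration the site uses, since the command-line `php.ini` can point `session.save_path` somewhere else.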