[dev] password security during the session -- what is it?

Rich Lafferty rich@horde.org
Wed, 20 Dec 2000 15:36:30 -0500


On Wed, Dec 20, 2000 at 03:28:28PM -0500, Michael Bull (mbull@uoguelph.ca) wrote:
> At 03:08 PM 20/12/2000 -0500, you wrote:
> 
> 
> >They're transmitted from the browser to the Web server, and then
> >stored on the webserver. They're then transmitted from the Web server
> >to the IMAP server whenever necessary to establish an IMAP connection.
> 
> Thanks for the info, Rich -- how are they stored on the webserver?
> Plaintext in memory as part of the PHP session? That would be the
> last part of my question, I think. Thanks again!

In 2.3, as PHP session variables. Since they're passed plaintext and
since the IMAP server handles them plaintext, they're bound to be in
memory plaintext at *some* point. PHP session values are *stored* in
files, IIRC, in your tmp directory.

  -Rich

-- 
------------------------------ Rich Lafferty ---------------------------
 Sysadmin/Programmer, Instructional and Information Technology Services
   Concordia University, Montreal, QC                 (514) 848-7625
------------------------- rich@alcor.concordia.ca ----------------------
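
An added example for readers of this archived thread, not part of the message above and not Horde/IMP code: a small audit of a PHP session directory that reports which `sess_*` files are accessible beyond their owner and which top-level session variables are stored as plain strings. It assumes PHP's default file session handler and its default `name|serialized-value` format; the variable names, session ID and file mode in the sample are constructed, not IMP's actual ones.

```python
import os, stat, tempfile

# Constructed sample in PHP's default "php" session format; names are hypothetical.
SAMPLE = b'user|s:5:"mbull";pass|s:6:"secret";folders|a:1:{i:0;s:5:"INBOX";}logins|i:3;'

def read_value(buf, pos):
    """Parse one serialized value at pos; return (bytes or None, next_pos)."""
    t = buf[pos:pos + 1]
    if t == b"N":                                  # N;
        return None, pos + 2
    if t in (b"i", b"b", b"d"):                    # i:5;  b:1;  d:0.5;
        return None, buf.index(b";", pos) + 1
    colon = buf.index(b":", pos + 2)               # end of LEN / COUNT field
    n = int(buf[pos + 2:colon])
    if t == b"s":                                  # s:LEN:"bytes";
        return buf[colon + 2:colon + 2 + n], colon + n + 4
    if t == b"a":                                  # a:COUNT:{key value ...}
        pos = colon + 2
        for _ in range(2 * n):
            _, pos = read_value(buf, pos)
        return None, pos + 1                       # step over '}'
    raise ValueError("unsupported type %r" % t)    # objects etc. are out of scope

def session_strings(buf):
    """Names of top-level session variables stored as plain strings."""
    names, pos = [], 0
    while pos < len(buf):
        bar = buf.index(b"|", pos)
        value, nxt = read_value(buf, bar + 1)
        if value is not None:
            names.append(buf[pos:bar].decode())
        pos = nxt
    return names

def audit(save_path):
    """For each sess_* file: (name, accessible beyond owner?, string variables)."""
    out = []
    for entry in sorted(os.listdir(save_path)):
        if entry.startswith("sess_"):
            path = os.path.join(save_path, entry)
            mode = stat.S_IMODE(os.stat(path).st_mode)
            with open(path, "rb") as fh:
                out.append((entry, bool(mode & 0o077), session_strings(fh.read())))
    return out

def demo():
    with tempfile.TemporaryDirectory() as d:       # stands in for the tmp directory
        path = os.path.join(d, "sess_0123456789abcdef")
        with open(path, "wb") as fh:
            fh.write(SAMPLE)
        os.chmod(path, 0o644)                      # constructed weak mode
        return audit(d)

if __name__ == "__main__":
    print(demo())
```

The audit reports variable names only and never prints the stored values, so its output can be shared in a review without leaking the credentials it finds.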