Re: [Phplib-users] php4 session saves whole obj properties, included db pass
From: Michael C. <mdc...@mi...> - 2002-09-25 22:20:24
On Wed, Sep 25, 2002 at 11:59:04PM +0200, Giancarlo wrote:
> At 00:02, Thursday 26 September 2002, Michael Chaney wrote:
> > On Wed, Sep 25, 2002 at 08:31:30PM +0200, Giancarlo wrote:
> > > I am disappointed, again, in discovering that
> > > every property of the class is saved, and in each /tmp/sess_ there's
> > > everything for the connection, including user and pass in cleartext.
> > >
> > > phplib used to save only the persistent vars.
> >
> > I always erase passwords.
>
> You mean you
>
> unset ($db->Host);
> unset ($db->User);
> unset ($db->Database);
> unset ($db->Password);
>
> before page_close/freeze?

I see no reason to make the $db variable persistent, and plenty of reason
to not do that.

Michael
--
Michael Darrin Chaney
mdc...@mi...
http://www.michaelchaney.com/
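An added example, not part of the original thread and not PHPLIB code: it shows what serialization writes for an object holding connection settings, and how a `__sleep()` method keeps those settings out of the stored data if the object must be persisted at all. The class names, property values and helper function are hypothetical; the thread's own advice is simply not to register `$db` in the session.

```php
<?php
// Hypothetical stand-in for a database class whose connection settings
// are object properties (all values below are constructed samples).
class DemoDb {
    public $Host     = 'db.example.internal';
    public $Database = 'app';
    public $User     = 'appuser';
    public $Password = 'constructed-secret';
    public $Record   = array('id' => 7);   // per-request state
}

// Same class, but __sleep() names the only properties serialize() may write.
// On unserialize, the omitted properties fall back to the class defaults,
// so the credentials never need to live in the session store.
class DemoDbSafe extends DemoDb {
    public function __sleep() {
        return array('Record');
    }
}

// Returns true if the serialized form (the format the default session
// handler stores per registered variable) contains the given secret.
function payload_contains($obj, $secret) {
    return strpos(serialize($obj), $secret) !== false;
}

$secret = 'constructed-secret';

echo "plain object   : ", serialize(new DemoDb()), "\n";
echo "with __sleep() : ", serialize(new DemoDbSafe()), "\n";

echo "plain object leaks password   : ";
var_dump(payload_contains(new DemoDb(), $secret));
echo "__sleep() object leaks password: ";
var_dump(payload_contains(new DemoDbSafe(), $secret));

// Round trip: the restored object still has working settings from defaults.
$restored = unserialize(serialize(new DemoDbSafe()));
echo "restored User from class default: ", $restored->User, "\n";
```

The same `payload_contains()` check can be pointed at the contents of a real session file to confirm that no credential string is present after a change.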