[Phplib-users] auth persistent_slots fix
From: Giancarlo <gia...@na...> - 2002-09-29 23:19:27
If you are using session4, you should add this function to your auth.class,
to fix a security hole by which username and passwd are in plaintext in
/tmp/sess_ files.
It is very simple, thanks to the forward-looking design of phplib.
###
# add this if you are running authed pages
# with php4 native session handling
###
function __sleep () {
    return $this->persistent_slots;
}
In short, the auth object was being dumped with full variables, not respecting the
persistent_slot rule.
Add this whenever you rely on freezing selectively based only on the vars named
in the persistent_slot array.
Gian
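
The effect described in the message above, as an added example that is not part of the original post or of PHPLIB's own code: it serializes the same object with and without `__sleep` and reports whether a password held in a transient property ends up in the serialized data. The class names, the `login_user`/`login_pass` properties and the sample values are hypothetical; only `persistent_slots` and `__sleep` come from the message.

```php
<?php
// Added illustration. Class and property names other than persistent_slots
// and __sleep are hypothetical stand-ins, not PHPLIB's real Auth class.

class AuthUnfiltered
{
    public $persistent_slots = array('auth');  // names of properties meant to persist
    public $auth = array();                    // post-login state that must persist
    public $login_user = '';                   // transient form input
    public $login_pass = '';                   // transient form input

    public function login($user, $pass)
    {
        $this->login_user = $user;
        $this->login_pass = $pass;
        // Constructed result; a real class would check the credentials here.
        $this->auth = array('uid' => 'u-1001', 'perm' => 'user');
    }
}

class AuthFiltered extends AuthUnfiltered
{
    // serialize(), and therefore the native session handler, stores only
    // the properties whose names this method returns.
    public function __sleep()
    {
        return $this->persistent_slots;
    }
}

// Returns true if the secret would be written into the serialized session data.
function leaks_secret($auth, $secret)
{
    return strpos(serialize($auth), $secret) !== false;
}

$secret = 'constructed-sample-password';
foreach (array(new AuthUnfiltered(), new AuthFiltered()) as $auth) {
    $auth->login('alice', $secret);
    printf("%-15s secret in serialized data: %s\n",
        get_class($auth), leaks_secret($auth, $secret) ? 'yes' : 'no');
    echo '  ', serialize($auth), "\n";
}
```

After `unserialize()`, properties left out of `__sleep` come back with their class defaults, so `persistent_slots` itself does not need to be listed.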