Re: [Phplib-users] Re: latest snapshot
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
Re: [Phplib-users] Re: latest snapshot
|
From: Giancarlo <gia...@na...> - 2002-11-05 08:18:21
|
I particularly like the fact that snapshot is compatible with the traditi= onal=20 session.inc. As we were speaking about credit card etc, I'd like tomention that in usi= ng=20 any authentication, the control over the session propagation becomes vita= l to=20 security, and php4 ofeers zero control on that. I am sure that session.in= c=20 could acquire some speed by the builtin serializations for the data=20 representation, and the save handlers could be quick, but I'd like a more= =20 controlled propagation in general. One of the things I think everyone really needs is the possibility to shi= ft=20 =66rom a less secure get/trans-sid propagation method, to a more secure=20 only_cookies propagation, reissuing a new session of the latter type and=20 migration all the old session values in it. This means that once authed y= ou=20 get a new session, possibly of the stronger type. BEcause the fact that anyone can be driven into 'get' mode and accept any= =20 users-choice-unpredictable sid... Gian Il 09:55, luned=EC 4 novembre 2002, Marko Kaening ha scritto: > Hi, > > shouldn't we in general use the $_POST, $_GET vars from now on, instead= of > the old $HTTP_* variables? The latter one don't seem to be recommended = for > further use and if a new phplib4 is created one should use right away t= he > proper superglobals. > > Marko > > > > ------------------------------------------------------- > This SF.net email is sponsored by: ApacheCon, November 18-21 in > Las Vegas (supported by COMDEX), the only Apache event to be > fully supported by the ASF. http://www.apachecon.com > _______________________________________________ > Phplib-users mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phplib-users |
