RE: [Phplib-users] new Session4 changes
From: Rob H. <rob...@ws...> - 2002-12-02 20:41:34
I can have 3 or 4 different implementations of default auth, each page using a different one, each with different settings. Or, I can have 3 or 4 different implementations of default auth, each page implementing all of them under an if-then statement. I can change modes back and forth, etc. All I have to do is have a function that allows the progression of the SID from one type to another.

Rob Hutton
Web Safe
www.wsafe.com

> -----Original Message-----
> From: php...@li...
> [mailto:php...@li...]On Behalf Of Giancarlo
> Sent: Monday, December 02, 2002 2:12 PM
> To: phplib-users
> Subject: Re: [Phplib-users] new Session4 changes
>
> > What I said is that, upon certain not so uncommon prerequisites, it can
> > be difficult to have a twin mode-fallback_mode that fits all cases, from
> > the bot to the cookie_only authed user...
>
> use_cookie_only is better for security and authentication, problem is
> it's a choice all_or_nothing, that has to be enforced either everywhere
> or nowhere. So people decide not to use it. If it was possible to
> enforce it only in determined cases, it'd be better.
> Think of the default_auth case. You cannot specify different session
> classes for that page, because the same has to cater for both authed and
> unauthed user. So how do you impose use_cookie_only only on those
> authed? No way, it's a policy to be adopted either everywhere, or give
> it up. And people give it up.
> Similar is for the session save_handler type. You cannot, at a certain
> point eg: once authenticated, migrate the anonymous 'file' storage to
> the more secure db.
>
> Gian
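The policy discussed in this thread (a URL SID allowed for anonymous visitors, cookie-only for authenticated ones, with the SID progressed at login) can be sketched as follows. This is an added example that is not part of either message and not PHPLib's Session4 code; it uses PHP's native session functions (PHP 7.3+), and `SID_NAME`, the function names and the `authed`/`user` session keys are assumptions.

```php
<?php
declare(strict_types=1);

// Added illustration: native PHP session functions, not PHPLib's Session4 class.
// SID_NAME and the 'authed'/'user' session keys are assumed names.
const SID_NAME = 'sid';

// Report how the client presented its session ID; a cookie wins over the URL.
function presented_sid(): array
{
    foreach (['cookie' => $_COOKIE, 'url' => $_GET] as $via => $src) {
        $sid = $src[SID_NAME] ?? null;
        if (is_string($sid) && preg_match('/^[A-Za-z0-9,-]{22,256}$/', $sid) === 1) {
            return [$via, $sid];
        }
    }
    return ['none', null];
}

function start_mixed_session(): void
{
    ini_set('session.use_strict_mode', '1');  // never adopt an ID the server did not issue
    ini_set('session.use_only_cookies', '1'); // PHP itself ignores URL SIDs; the fallback below is explicit
    session_name(SID_NAME);
    session_set_cookie_params(['httponly' => true, 'secure' => true, 'samesite' => 'Lax']); // assumes HTTPS
    [$via, $sid] = presented_sid();
    if ($via === 'url') {
        session_id($sid);                     // anonymous fallback for cookieless clients and bots
    }
    session_start();
    if ($via !== 'cookie' && !empty($_SESSION['authed'])) {
        // An authenticated session reached through a URL SID is refused, not destroyed:
        // the legitimate cookie holder keeps it, this request gets a fresh anonymous one.
        session_abort();
        $_SESSION = [];
        session_id(session_create_id());
        session_start();
    }
}

// Progress the SID from the anonymous type to the authenticated, cookie-only type.
function promote_on_login(string $user): void
{
    session_regenerate_id(true); // the anonymous SID, which may have appeared in URLs, stops working
    $_SESSION['authed'] = true;
    $_SESSION['user'] = $user;
}
```

A client that logs in without accepting the cookie falls back to a fresh anonymous session on its next request, which is the cookie-only policy applied to authenticated users alone.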