From: Woolhiser, E. <Eri...@bm...> - 2001-03-13 17:56:14
I'm looking in ./prometheus/db/User_Db/User.object and I wonder about the fact that the user object has a member variable of 'password'.

I am very new to PHP, so I hope someone can explain this to me gently: If in PHP4 I were to session_start() and session_register() a user object, would the user object be serialized and passed via POST to the next page in the clear? If so, could a Prometheus user compromise his website by registering a user object?

I don't really understand sessions in PHP4 that well.

--
Eric Woolhiser
BMC Software Inc
NT Build Meister
880 Winter St. Bldg 4 rm. 2.227
781-663-4646 (or x34646 internally)
Waltham, Ma 02454-9111
http://midwatch.org/pgp-key.html
http://www.bmc.com
http://www.tuxedo.org/~esr/ecsl