Steve Kemp wrote: > If the logins sessions are stored in a cookie they could be > stolen and the account compromised. > Phamm store login information in PHP $_SESSION variable, yes PHPSESSID is saved in a cookie, of course, but make secure the system is a apache+PHP configuration problem, not phamm installation only, phpLDAPAdmin (probably also phpMyAdmin) do the same but adding a encrypt layer using a blowfish string, anyway for these propose is possible using only symmetric key because function that create connection to DB need the password decrypted, anyway could be a good idea use it
> Sure. Now take a look here: > > > http://demo.phamm.org/phamm05/www-data/main.php?action=modify_account&[EMAIL > PROTECTED] > PHP Notice e/o Warning is not Error, any developer can set wanted debug level, a dedicated function in phamm phamm_php_error_level () allow to set PHP error_reporting Inside phamm config.inc.php file user can set ERROR_LEVEL=0 error_reporting(E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR); so no Warning messages will be display anyway, I put on-line a stable version of Phamm 0.4.13 instead 0.5 for others valuations best regards Alessandro De Zorzi -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]