>This all probably takes care about the problem with session id's in the
>query string, which is known as referrer to the next website our visitor
>visits. What I'm worrying and wondering about now are other users of the
>server my site's at. They can most likely go into the /tmp folder and
>just read my session files. Not Nice. I know it has been discussed for
>quite some times now .. but never really found anything else than
>warnings for stuff, no real solutions.

You don't have to store session data in /tmp -- it can be in any directory you choose. Of course, that directory will still need to be world readable and writeable in order to work, so this is more a case of security through obscurity though it may help.

I don't think there really is a bulletproof solution to your problem, though, for a number of reasons: if you choose to store the sensitive information in a database rather than a session file, you are still left with the fact that at some point, an unprivileged Apache user needs to be able to get to it. That means world-readable database credentials, access scripts, configuration files, and so on.

One option is to use Apache's suexec feature* and offload some of your sensitive data access onto scripts and files that are maintained only by you.

Jason's suggestion for encrypting session data is a good one, though it also suffers from the drawback above: ultimately most of the code required to access your session information will need to be open in some way, including the encryption key.

I think if you're really storing sensitive information, you shouldn't be on a host shared with people you don't know/trust to begin with.

* SuExec: http://httpd.apache.org/docs/suexec.html

---------------------------------------------------------------------
michal migurski- contact info and pgp key:
sf/ca            http://mike.teczno.com/contact.html
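
An added example, not part of the original message: a small audit of a session directory on a shared host, reporting what other local accounts could list or read. It assumes PHP's file-based session handler, which names its files `sess_<id>`; the function name `audit_session_dir` and the sample directory are constructed for illustration.

```python
import os
import stat
import tempfile


def audit_session_dir(path):
    """Return (path, finding) pairs describing exposure to other local users."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Read permission on a directory lets others enumerate session file names.
    if mode & stat.S_IROTH:
        findings.append((path, "directory listable by others"))
    # World-writable without the sticky bit lets others delete or replace files.
    if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
        findings.append((path, "world-writable without sticky bit"))
    for name in sorted(os.listdir(path)):
        if not name.startswith("sess_"):  # assumption: PHP file handler naming
            continue
        full = os.path.join(path, name)
        fst = os.lstat(full)  # lstat: do not follow a planted symlink
        if not stat.S_ISREG(fst.st_mode):
            findings.append((full, "not a regular file"))
        elif stat.S_IMODE(fst.st_mode) & (stat.S_IRGRP | stat.S_IROTH):
            findings.append((full, "readable by group/others"))
    return findings


if __name__ == "__main__":
    # Constructed sample: a /tmp-like directory holding two session files.
    sample = tempfile.mkdtemp()
    os.chmod(sample, 0o1777)
    for name, perms in (("sess_private", 0o600), ("sess_shared", 0o644)):
        file_path = os.path.join(sample, name)
        with open(file_path, "w") as handle:
            handle.write("user|s:5:\"alice\";")
        os.chmod(file_path, perms)
    for where, what in audit_session_dir(sample):
        print(f"{what}: {where}")
```

Run it against the directory configured as `session.save_path` under the account that owns the site's files.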