At 8:05 AM -0400 4/10/07, Eric Butera wrote:
> Did you know sessions are just plain text files sitting on the
> webserver in most cases?  So by putting a credit card in the session
> it is actually just cleartext for people to read.

Yes, all files reside somewhere.

Session files reside on the server and are as secure as the server environment. If someone breaches the server environment, then all data could be exposed, and that is an excellent reason not to store highly sensitive data there.

Cheers,

tedd
--
-------
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
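
The point made in the messages above, as an added example that is not part of the original thread: it writes a session with PHP's default "files" handler and reads the raw file back, first with a card number stored in it and then with only an opaque reference. The keys payment_ref and card_last4 are hypothetical, the card number is a constructed test value, and the script assumes the default "php" serialize handler and a CLI run.

```php
<?php
// Added example. Run from the CLI: php session_plaintext_demo.php
// Assumes PHP's default "files" save handler and "php" serialize handler.
// The card number is a constructed test value, not real data.

$dir = sys_get_temp_dir() . '/sess_demo_' . bin2hex(random_bytes(4));
mkdir($dir, 0700);

// Configure sessions before any output; cookies are off because the CLI sends no headers.
ini_set('session.save_handler', 'files');
ini_set('session.save_path', $dir);
ini_set('session.use_cookies', '0');
ini_set('session.cache_limiter', '');

// Return the raw on-disk bytes and the octal permissions of a session file.
function inspectSessionFile(string $dir, string $id): array
{
    $path = "$dir/sess_$id";
    clearstatcache(true, $path);
    return [file_get_contents($path), substr(sprintf('%o', fileperms($path)), -4)];
}

// 1. The pattern the thread warns about: the card number itself goes into the session.
session_start();
$id = session_id();
$_SESSION['card_number'] = '4111111111111111';
session_write_close();
[$rawBefore, $mode] = inspectSessionFile($dir, $id);

// 2. Alternative: keep only an opaque reference and the last four digits (hypothetical keys).
session_id($id);
session_start();
$_SESSION = [
    'payment_ref' => bin2hex(random_bytes(16)),
    'card_last4'  => '1111',
];
session_write_close();
[$rawAfter] = inspectSessionFile($dir, $id);

$stillThere = strpos($rawAfter, '4111111111111111') !== false;
echo "file mode:          $mode\n";
echo "card in session:    $rawBefore\n";
echo "reference only:     $rawAfter\n";
echo "card still on disk: " . ($stillThere ? 'yes' : 'no') . "\n";

unlink("$dir/sess_$id");
rmdir($dir);
```

The file mode line shows what protects the data at rest: ordinary filesystem permissions, so any account or process that can read the session directory can read whatever the application put in `$_SESSION`.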
