This question was already posted in August, but did not receive any answer. Same player shoots again ;-)
PHP stores session data in temporary files on the server. These files contain all the session variables and their values in clear text. When using AuthUser, PmWiki stores the user password in clear text in a session variable. Therefore, the user password can be read very easily by anyone who has access to the server.

This is especially annoying when using LDAP, as the user password is typically used to authenticate on several systems. Therefore, the use of PmWiki with LDAP creates a security issue for the other systems using LDAP.

Any idea how to avoid this?

Christophe