On 10/15/07, Christophe David <[EMAIL PROTECTED]> wrote: > > FWIW cleartext passwords in config.php are avoidable if you use > > ?action=crypt and paste crypted passwords into the file. > > This is not relevant for this topic: we are talking about PHP session > files storing passwords in clear.
The topic isn't necessarily that specific, considering this is the pmwiki-users list, not pmwiki-devel. First, here's the part you chopped out... >>On 10/12/07, Maria McKinley <[EMAIL PROTECTED]> wrote: >>> Yes, I suppose if they could look at /tmp they could also look at >>> config.php, and get my admin password, which probably should not be >>> written out in plain text on the server either. Not everyone reading this thread -- possibly Maria included -- knows that you can crypt passwords in config.php. I thought a reminder about ?action=crypt might be helpful. Anyone using a managed hosting service (or just about any server with other users) should be crypting their passwords in config.php whether they realize it or not. Now maybe some of them are aware of this who weren't aware before. Hagan _______________________________________________ pmwiki-users mailing list pmwiki-users@pmichaud.com http://www.pmichaud.com/mailman/listinfo/pmwiki-users