There's absolutely no control over session.save_path parameter in php. By
setting it to every directory he wants, every user can:
1. (!!!) Absolutely easily generate new sessions with any content for every
site on server.
2. Delete other users' sessions by setting gc to 100 and probably legal files
Curt Zirzow [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
* Thus wrote Rx ([EMAIL PROTECTED]):
There's absolutely no control over session.save_path parameter in php. By
setting it to every directory he wants, every user can:
You can set the value with
php_admin_value save_path
Raditha Dissanayake [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
M, very interesting thread, thanks for starting this. Good comments
Curt.
1. (!!!) Absolutely easily generate new sessions with any content for every
site on server.
It's because of the 'suspect'