  1. #1

    Session Variables - Security

    I have read that it could be possible for someone to change session variables if you are using a shared host, if you leave the sessions in the default directory? Is this correct? Can I secure it by changing the directory?

  • #2
    I don't know much about this, but on your server you can create a " _private " (or you already have one) folder, and seemingly because it's different from the _public (what you want the public to see) folder the user can't access it, or something like that. Store it there and use the include PHP code; it might do it, but I'm really not the best person for that kind of stuff. If I'm lucky I've got half of it right lol.
    I'm not totally sure if anyone can view the _private folder; it would be good to find out what happens.
    (Make sure you back things up before trying anything, as I'm probably wrong.)

  • #3
    ralph l mayo
    It's possible; it all depends on your host's configuration. Read the responses here for an explanation. Look at your phpinfo() and see if it looks like the tmp directory is specific to your vhost, and look at the ownership and permissions of that directory. If you can't tell what's going on ask your host about it. It's marginally safer to store session data yourself in your database, where other users at least have to compromise your password or the password of a database superuser to poke around. Honestly even if it all checks out there's no legitimate expectation of privacy or security on a shared host. Consider virtual private hosting, which is getting very much cheaper lately, if you're doing anything where the consequences of having all your data exposed would be more than just annoying.
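
The check suggested in the last reply (where the session directory is, who owns it, and what its permissions are) can be scripted. This is an added example, not code posted by anyone in the thread; the function names `session_dir_from_ini` and `audit_session_dir` are made up for illustration.

```php
<?php
// Added example (not from the thread): audit the PHP session storage directory.

// session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
function session_dir_from_ini(string $raw): string
{
    $parts = explode(';', $raw);
    $dir = trim((string) end($parts));
    // When the setting is empty, the files handler uses the system temp directory.
    return $dir !== '' ? $dir : sys_get_temp_dir();
}

function audit_session_dir(string $dir): array
{
    if (!is_dir($dir)) {
        return ["$dir is missing or not visible to this process"];
    }
    $findings = [];
    $perms = fileperms($dir) & 07777;
    $owner = fileowner($dir);
    // The posix extension is optional; without it the ownership check is skipped.
    $me = function_exists('posix_geteuid') ? posix_geteuid() : null;

    if ($me !== null && $owner !== $me) {
        $findings[] = "owned by uid $owner but PHP runs as uid $me: not private to this account";
    }
    if ($perms & 0004) {
        $findings[] = 'world-readable: other accounts can list the session file names';
    }
    if ($perms & 0002) {
        $findings[] = ($perms & 01000)
            ? 'world-writable with sticky bit: looks like a temp directory shared by all accounts'
            : 'world-writable without sticky bit: other accounts can delete or replace files';
    }
    return $findings;
}

if (ini_get('session.save_handler') !== 'files') {
    echo "Sessions are not stored as files; nothing to audit here.\n";
    exit(0);
}
$dir = session_dir_from_ini((string) ini_get('session.save_path'));
$findings = audit_session_dir($dir);
printf("session directory: %s (mode %04o)\n", $dir, is_dir($dir) ? fileperms($dir) & 07777 : 0);
foreach ($findings ?: ['no problems visible from directory ownership and mode'] as $line) {
    echo " - $line\n";
}
// A clean result is not proof of isolation: if the host runs every site's PHP
// as the same system user, that user can read all session files regardless.
```

Request the script through the web server rather than running it from the command line, since the two can load different php.ini settings.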

