Secure Coding mailing list archives

Re: Scripting Languages and Secure Coding + code


From: securecodingorg () nuvisions ch
Date: Fri, 05 Dec 2003 02:36:06 +0000

On Thursday 04 December 2003 11:40, Ghita Serban wrote:
> $_SESSION['username']=$username;
> $_SESSION['password']=$password;

Why would you want to store this (sensitive) data in the session? Someone 
might be able to read the session store, and retrieve the information from 
there.

Setting $_SESSION['ns_isauth'] to true should do imo.

> //we can do other stuff here
> } else {
> header("Location: ./index.php?msg=2");

AFAIR the Location header should include the complete new location:
        prot://srv.domain.tld/path/to/file.ext

Set the 2nd parameter to 'true' to make sure previous headers are overwritten.
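The two points above, put together in one login handler. This is an added example and not code from the original thread; the credential check (check_credentials), the sample user, the target paths and the HTTPS host are assumptions for illustration. It goes slightly beyond the reply by regenerating the session id on login, a standard guard against session fixation.

```php
<?php
// Added example (not from the original thread): a login handler that keeps
// only an "is authenticated" flag (plus the username, needed to know who is
// logged in) in the session, never the password, and redirects with an
// absolute Location header.
declare(strict_types=1);

session_start();

// Hypothetical credential check. The user store is constructed sample data;
// a real application would look the hash up in a database.
function check_credentials(string $username, string $password): bool
{
    $users = [
        'alice' => password_hash('correct horse battery staple', PASSWORD_DEFAULT),
    ];
    if (!isset($users[$username])) {
        return false;
    }
    return password_verify($password, $users[$username]);
}

// Absolute base URL for Location headers; assumes the site is served over
// HTTPS on the host the request arrived at.
function base_url(): string
{
    return 'https://' . $_SERVER['HTTP_HOST'];
}

$username = $_POST['username'] ?? '';
$password = $_POST['password'] ?? '';

if (check_credentials($username, $password)) {
    // Fresh session id so a pre-login id handed to the victim is worthless.
    session_regenerate_id(true);

    // Only the authentication state goes into the session. The password is
    // never stored: anyone who can read the session store (shared hosting,
    // backups, a file-read bug) would otherwise get it in clear text.
    $_SESSION['ns_isauth'] = true;
    $_SESSION['username'] = $username;

    // Absolute URL, and 'true' so this Location replaces any earlier one
    // instead of adding a second header. exit stops the script from running
    // on past the redirect.
    header('Location: ' . base_url() . '/app/home.php', true, 303);
    exit;
}

// Failed login: back to the form with a message code, same header rules.
header('Location: ' . base_url() . '/index.php?msg=2', true, 303);
exit;
```

The `exit` after each `header()` matters as much as the header itself: PHP keeps executing after `header()`, so without it the "other stuff" following the redirect still runs for an unauthenticated request.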
