Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread Rx
"Raditha Dissanayake" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > M, very interesting thread, thanx for starting this. Good comments curt. > > > >>1. (!!!) Absolutely easily generate new sessions with any content for every > >>site on server. > >> > >> > > > > > > > > It's be

Re: [PHP] session.save_path is a big security hole!

2003-09-04 Thread Rx
"Curt Zirzow" <[EMAIL PROTECTED]> wrote in message news:[EMAIL PROTECTED] > * Thus wrote Rx ([EMAIL PROTECTED]): > > Theres absolutely no control over session.save_path parameter in php. By > > setting it to every directory he wants, every user can:

[PHP] session.save_path is a big security hole!

2003-09-04 Thread Rx
There's absolutely no control over session.save_path parameter in php. By setting it to every directory he wants, every user can:
1. (!!!) Absolutely easily generate new sessions with any content for every site on server.
2. Delete other users' sessions by setting gc to 100 and probably legal files