Re: [PHP] Re: Question regarding passwords/security

2011-12-23 Thread Curtis Maurand
Store everything in the database in an encrypted form.

Stuart Dallas wrote:
> On 22 Dec 2011, at 19:34, Paul M Foster wrote:
>
>> I have concerns that the items in a session buffer can be copied and
>> used to spoof legitimate logins. This is harder to do when the info is
>> held in a database

Re: [PHP] Re: Question regarding passwords/security

2011-12-22 Thread Al
On 12/22/2011 2:54 PM, Stuart Dallas wrote: On 22 Dec 2011, at 19:34, Paul M Foster wrote: I have concerns that the items in a session buffer can be copied and used to spoof legitimate logins. This is harder to do when the info is held in a database. Storing stuff in a database is no more s

Re: [PHP] Re: Question regarding passwords/security

2011-12-22 Thread Stuart Dallas
On 22 Dec 2011, at 19:34, Paul M Foster wrote:
> I have concerns that the items in a session buffer can be copied and
> used to spoof legitimate logins. This is harder to do when the info is
> held in a database.

Storing stuff in a database is no more secure, it simply requires one single extra

Re: [PHP] Re: Question regarding passwords/security

2011-12-22 Thread Paul M Foster
On Thu, Dec 22, 2011 at 12:55:41PM -0500, Al wrote:
>
>
> On 12/22/2011 10:05 AM, Paul M Foster wrote:
> >Not sure how to ask this question... I've always eschewed consulting a
> >database on page loads to determine if a user is logged in, primarily
> >because of latency issues. For example, you

[PHP] Re: Question regarding passwords/security

2011-12-22 Thread Al
On 12/22/2011 10:05 AM, Paul M Foster wrote: Not sure how to ask this question... I've always eschewed consulting a database on page loads to determine if a user is logged in, primarily because of latency issues. For example, you could store a nonce like the session ID in a table for a user whe