http://jesscoburn.com/archives/2006/09/19/php-is-not-secure-on-windows/ Tidbits and thoughts on webhosting, web applications and just general cool geek crap. Tue, 06 Jan 2009 06:40:20 +0000 http://wordpress.org/?v=2.7 hourly 1 http://jesscoburn.com/archives/2006/09/19/php-is-not-secure-on-windows/comment-page-1/#comment-2 Wayne Thu, 21 Sep 2006 01:25:44 +0000 http://jesscoburn.com/archives/2006/09/19/php-is-not-secure-on-windows/#comment-2 A common mistake among PHP users of open source PHP applications is storing PHP session information within publically browsable folders. It's an easy hack for anyone familiar with the common applications (Oscommerce, PHPnuke, PHPbb, etc) to look for these folders within web reachable folders. Store sessions in database tables or folders outside of any normal root or publically accessible content. A common mistake among PHP users of open source PHP applications is storing PHP session information within publically browsable folders. It’s an easy hack for anyone familiar with the common applications (Oscommerce, PHPnuke, PHPbb, etc) to look for these folders within web reachable folders. Store sessions in database tables or folders outside of any normal root or publically accessible content.

]]>