php sessions security against windows 2000/NT domain

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
hgasim
Forum Newbie
Posts: 2
Joined: Wed Dec 18, 2002 11:22 am

php sessions security against windows 2000/NT domain

Post by hgasim »

Will a Windows NOT/2000 administrator be able to tap into a network to view what the users are working on if the users are working within a php page that's under a session?

Thanks.
hedge
Forum Contributor
Posts: 234
Joined: Fri Aug 30, 2002 10:19 am
Location: Calgary, AB, Canada

Post by hedge »

yes, depending on what is stored in the session. The session vars are serialized and then written to a file so you can get some info by reading the session files built.
hgasim
Forum Newbie
Posts: 2
Joined: Wed Dec 18, 2002 11:22 am

Post by hgasim »

Thanks for the reply.

Is it possible to deny the administrator the possibility of doing that and if possible, how?
hedge
Forum Contributor
Posts: 234
Joined: Fri Aug 30, 2002 10:19 am
Location: Calgary, AB, Canada

Post by hedge »

hgasim wrote:Thanks for the reply.

Is it possible to deny the administrator the possibility of doing that and if possible, how?
Which Administrator... local?

well I guess you could only give permission to the IUSR_machinename but you should have domain admins or someone in there at least.
Post Reply