
PHP sessions security against Windows 2000/NT domain

Posted: Wed Dec 18, 2002 11:22 am
by hgasim
Will a Windows NT/2000 administrator be able to tap into a network to view what the users are working on if the users are working within a PHP page that's under a session?

Thanks.

Posted: Wed Dec 18, 2002 12:29 pm
by hedge
Yes, depending on what is stored in the session. The session vars are serialized and then written to a file, so you can get some info by reading the session files built.

Posted: Wed Dec 18, 2002 1:07 pm
by hgasim
Thanks for the reply.

Is it possible to deny the administrator the possibility of doing that and if possible, how?

Posted: Wed Dec 18, 2002 1:45 pm
by hedge
hgasim wrote: Thanks for the reply.

Is it possible to deny the administrator the possibility of doing that and if possible, how?
Which Administrator... local?

Well, I guess you could only give permission to the IUSR_machinename, but you should have domain admins or someone in there at least.