Securing My website even more than it is

Discussions of secure PHP coding. Security in software is important, so don't be afraid to ask. And when answering: be anal. Nitpick. No security vulnerability is too small.

Moderator: General Moderators

omniuni
Forum Regular
Posts: 738
Joined: Tue Jul 15, 2008 10:50 pm
Location: Carolina, USA

Re: Securing My website even more than it is

Post by omniuni »

I don't think the session.save_path should matter much so long as you're careful to configure your server correctly and set a .htaccess in the place where the sessions are saved so that they cannot be accessed. I'm sure it would not be a bad idea to change the default session name, although so long as they're stored on your own server I suspect it won't matter too much. Admittedly, I do not know much about session vulnerabilities or spoofs. Since we're on the topic, though, do you plan to use cookies at all? I know that since cookies are stored on the host computer, there are several possible vulnerabilities surrounding them.

Continuing good luck,
OmniUni
QuickSnail
Forum Commoner
Posts: 46
Joined: Fri Dec 21, 2007 11:13 am

Re: Securing My website even more than it is

Post by QuickSnail »

It's set up to also use cookies. It might be a good idea to not use them. That is probably a good idea.
The current session.save_path is /tmp.
Sure I should .htaccess that folder?
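
Added example, not part of the thread and not either poster's code: one way to apply the session settings discussed above (save path, session name, cookie handling) in PHP 7.3 or later. The directory path, the session name and both function names are assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: configure and start a session with a private
// save path, a non-default name and restrictive cookie flags.
function start_hardened_session(string $saveDir, string $name): void
{
    // Keep session files out of a shared /tmp and outside the web root.
    // A directory the web server never maps to a URL needs no .htaccess;
    // what matters is that other local users cannot read it.
    if (!is_dir($saveDir) && !mkdir($saveDir, 0700, true)) {
        throw new RuntimeException("cannot create session directory: $saveDir");
    }
    if (!chmod($saveDir, 0700)) {
        throw new RuntimeException("cannot restrict session directory: $saveDir");
    }
    clearstatcache(true, $saveDir);
    if ((fileperms($saveDir) & 0077) !== 0) {
        throw new RuntimeException('session directory is accessible to other users');
    }

    session_save_path($saveDir);
    session_name($name);                       // replaces the default PHPSESSID
    ini_set('session.use_strict_mode', '1');   // reject IDs the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept the ID from the URL
    ini_set('session.use_trans_sid', '0');     // never append the ID to links

    session_set_cookie_params([
        'lifetime' => 0,       // cookie ends with the browser session
        'path'     => '/',
        'secure'   => true,    // sent over HTTPS only
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',   // withheld on most cross-site requests
    ]);

    session_start();
}

// Hypothetical helper: call after a successful login so that an ID
// obtained before authentication cannot be reused afterwards.
function login_completed(int $userId): void
{
    session_regenerate_id(true);   // true deletes the old session file
    $_SESSION['user_id'] = $userId;
}

// Assumed placeholder values; the directory must be owned by the PHP user.
start_hardened_session('/var/lib/php-sessions-example', 'site_sid');
```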