Newsgroups: php.internals Path: news.php.net Xref: news.php.net php.internals:3135 Return-Path: Mailing-List: contact internals-help@lists.php.net; run by ezmlm Delivered-To: mailing list internals@lists.php.net Received: (qmail 70912 invoked from network); 1 Jul 2003 23:58:02 -0000 Received: from unknown (HELO secure.thebrainroom.com) (213.239.42.171) by pb1.pair.com with SMTP; 1 Jul 2003 23:58:02 -0000 Received: from zaneeb.brainnet.i (IDENT:root@brain.dial.nildram.co.uk [195.149.29.154]) by secure.thebrainroom.com (8.9.3/8.9.3) with ESMTP id AAA26220; Wed, 2 Jul 2003 00:58:01 +0100 Received: from TITAN (titan.brainnet.i [192.168.2.7]) by zaneeb.brainnet.i (8.11.6/8.11.6) with SMTP id h61Nvxs06105; Wed, 2 Jul 2003 00:57:59 +0100 Message-ID: <108901c3402c$98fc8310$0702a8c0@TITAN> To: "Sterling Hughes" , Cc: References: <1057087738.1360.216.camel@hasele> <200307011656.33332.ilia@prohost.org> <1057092715.1360.278.camel@hasele> Date: Wed, 2 Jul 2003 00:57:58 +0100 MIME-Version: 1.0 Content-Type: text/plain; charset="Windows-1252" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1106 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106 Subject: Re: [PHP-DEV] Removing SQLite sessions from the defaultdistribution From: wez@thebrainroom.com ("Wez Furlong") ----- Original Message ----- From: "Sterling Hughes" To: Cc: Sent: Tuesday, July 01, 2003 9:51 PM Subject: Re: [PHP-DEV] Removing SQLite sessions from the defaultdistribution > > 4) Marginally more secure then plain files > > Not at all. :) More files more better, you can have different > permissions on each file, rather than the neive implementation of using > one file for all sessions. Sure you can use save_path per virtual host, > but that's if you do it. The default implementation is less secure, and > that's what we have to count on. Bullshit again. You can have a session database per vhost and configure the permission of that database per-vhost.