Store session data in a different folder - better alternative?
I'm making a personal MVC framework skeleton, and I plan to build all sites on it (reserve your questions, please, on why not CI or CakePHP et al.). Now, thinking of session security, one option is a database. I was wondering whether storing session data in root_app/tmp/sessions/ would be as good as, or better than, a database. I am asking from a security perspective.
Thanks!
Stefano Mtangoo
Store your session in the database. It is more secure.
decade
Store your session in the database. It is more secure.
Why is it more secure in a database than in an .htaccess-protected personal folder?
Stefano Mtangoo
If a session is stored in the filesystem, it is stored as plaintext, and every user having access to the directory can read the session data (at least root and sudoers). If it is saved in a database, only users that have access to the database and appropriate permissions can read the data.
broj1
If a session is stored in the filesystem, it is stored as plaintext, and every user having access to the directory can read the session data (at least root and sudoers). If it is saved in a database, only users that have access to the database and appropriate permissions can read the data.
This now makes sense! I'm trying to understand the essence of an MVC framework having such a folder. What is it for?
Stefano Mtangoo