I'm making personal MVC framework skeleton I plan to build all sites on it (reserve your question pls on why not CI or CakePHP et al). Now Thinking of session security, one option is database. I was wondering whether storing session data in root_app/tmp/sessions/ would be better as/more than database! I was asking from security perspective
Thanks!
Stefano Mtangoo 455 Senior Poster
Recommended Answers
Jump to PostIf session is stored in a filesystem it is stored as plaintext and every user having access to directory can read the session data (at least root and sudoers). If it is saved in a database only users that have access to database and appropriate permisions can read the data.
All 4 Replies
decade 2 Junior Poster in Training
store your session into the database. it is more secured.
Stefano Mtangoo 455 Senior Poster
store your session into the database. it is more secured.
Why is it more secure in database than in .htaccess protected personal folder?
broj1 356 Humble servant Featured Poster
If session is stored in a filesystem it is stored as plaintext and every user having access to directory can read the session data (at least root and sudoers). If it is saved in a database only users that have access to database and appropriate permisions can read the data.
Stefano Mtangoo 455 Senior Poster
If session is stored in a filesystem it is stored as plaintext and every user having access to directory can read the session data (at least root and sudoers). If it is saved in a database only users that have access to database and appropriate permisions can read the data.
This now makes sense! I'm trying to understand the essence of MVC framework to have such folder. What is it for?
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.