[nycphp-talk] Storing User Controlled Configs

csnyder chsnyder at gmail.com
Tue Sep 7 09:02:06 EDT 2004


Hmmm, not sure how you would attack session vars, which are stored on
the server. Perhaps the security folks could elaborate. At best, you
could discover or fake someone's session id, but if you can do that,
you can gain access to any web application.

To undigress, session vars are the perfect place to store this info in
my opinion. If it saves you a select across a huge member table, all
the better.

As to #4, I would definitely keep your functions/methods as abstract
as possible, so as not to limit your code to working with PHP's
built-in session mechanism. Then again, it *can* be annoying to type
$_SESSION on every function call...

  chris.
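
A sketch of the abstraction suggested in the message above, added here as an example and not code from the original post or thread. The names `PrefStore`, `ArrayPrefStore` and `userPrefs` are hypothetical, and a plain array stands in for `$_SESSION` so the block runs from the command line.

```php
<?php
declare(strict_types=1);

// Hypothetical names throughout; this is an added illustration.
interface PrefStore
{
    public function load(): ?array;            // null when nothing is cached yet
    public function save(array $prefs): void;
}

// Keeps the prefs in any array passed by reference: $_SESSION in a web
// request (after session_start()), a plain array in a CLI test.
final class ArrayPrefStore implements PrefStore
{
    private $bag;

    public function __construct(array &$bag)
    {
        $this->bag = &$bag;
    }

    public function load(): ?array
    {
        return $this->bag['prefs'] ?? null;
    }

    public function save(array $prefs): void
    {
        $this->bag['prefs'] = $prefs;
    }
}

// Callers depend on PrefStore only; $fetchFromDb runs once per session.
function userPrefs(PrefStore $store, callable $fetchFromDb): array
{
    $prefs = $store->load();
    if ($prefs === null) {
        $prefs = $fetchFromDb();               // the expensive member-table select
        $store->save($prefs);
    }
    return $prefs;
}

// Constructed demo: a plain array stands in for $_SESSION.
$fakeSession = [];
$queries = 0;
$fetch = function () use (&$queries): array {
    $queries++;
    return ['theme' => 'dark', 'per_page' => 25];   // constructed sample row
};
$store = new ArrayPrefStore($fakeSession);
userPrefs($store, $fetch);
$prefs = userPrefs($store, $fetch);
printf("theme=%s queries=%d\n", $prefs['theme'], $queries);
```

In a web request the store would be built as `new ArrayPrefStore($_SESSION)` after `session_start()`, and no other function needs to mention `$_SESSION`.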


