[Mapbender_dev] authentication credentials and sessions

Marc Jansen jansen at terrestris.de
Fri May 21 04:58:42 EDT 2010


Hi devs,

is it true that we currently are storing the supplied credentials of a 
user in a readable form within the session? If so, why exactly are we 
doing that?

As I am storing my session data within a database, I see me faced with 
major security or data privacy issues. Am I exaggerating and paranoid or 
is this a structural flaw?

Regards,
Marc

-- 

   .................................................................
    Im April erschienen:
    OpenLayers - Webentwicklung mit dynamischen Karten und Geodaten
    von M. Jansen und T. Adams, OpenSourcePress, München.

    ISBN: 978-3-937514-92-5
    URL:  http://openlayers-buch.de
   .................................................................


   Dipl.-Geogr. Marc Jansen
   - Anwendungsentwickler -

   terrestris GmbH&  Co. KG
   Irmintrudisstraße 17
   53111 Bonn

   Tel:    ++49 (0)228 / 96 28 99 -53
   Fax:    ++49 (0)228 / 96 28 99 -57

   Email:  jansen at terrestris.de
   Web:    http://www.terrestris.de

   Amtsgericht Bonn, HRA 6835
   Komplementärin:  terrestris Verwaltungsgesellschaft mbH
   vertreten durch: Hinrich Paulsen, Till Adams




More information about the Mapbender_dev mailing list