473,386 Members | 1,799 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

home > topics > php > questions > tamper-proof sessions

Join Bytes to post your question to a community of 473,386 software developers and data experts.

Tamper-proof sessions

Hi all,

I want some data generated and stored at authentication which will be
accessible throughout a (web) session. However I want better security
controls than just storing it within the session - anyone who can write a
PHP script on the server can then modify the contents.

There doesn't seem to be any easy way of seperating the privilege (so e.g. a
setuid program might write the data to a file, not writable by the
webserver user). I don't want to have to run a second webserver as a
different user just to acheive this.

Anybody any ideas?

TIA,

Colin
Jul 17 '05 #1
1 1650
"Colin McKinnon" <co**************@andthis.mms3.com> wrote in message
news:cb*******************@news.demon.co.uk...
Hi all,

I want some data generated and stored at authentication which will be
accessible throughout a (web) session. However I want better security
controls than just storing it within the session - anyone who can write a
PHP script on the server can then modify the contents.

There doesn't seem to be any easy way of seperating the privilege (so e.g. a setuid program might write the data to a file, not writable by the
webserver user). I don't want to have to run a second webserver as a
different user just to acheive this.

Anybody any ideas?


That's some of the instances where storing the session data in the database
makes sense. Encrypting the session data is another option (provided that
you have a way of protecting the key).

See help on session_set_save_handler() for more info.
Jul 17 '05 #2
New Post

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

34
I've been FRAMED!
by: Charles Douglas Wehner | last post by:
This is a serious question - but probably one that has been asked many times before. Go to http://wehner.org It has FRAMES. Select ADDISON. The main page (to the right of the buttons) shows...
HTML / CSS
1
Keeping state without the session object or the query string
by: Simon | last post by:
Hi all, I need to maintain state between two pages but for two pissy reasons I can't use the Session object and the Query String isn't ideal because its too easy to tamper with. I'm wondering...
ASP.NET
4
cookie encryption/security
by: gl | last post by:
I'm currently making a web app that stores a user id in a cookie, and builds user information off of that in the differnt pages of the site. The cookie is created on login, and is separate from the...
C# / C Sharp
3
Prog execution in IDE works, fails when running exe
by: Bob | last post by:
Using Vs2003. Program runs in IDE mode, but when I run it from windows explorer double clicking on the .exe file to launch, it launches OK, but running a sub that tests exception handling gives me...
Visual Basic .NET
3
Web service Security
by: sayravi | last post by:
Hi, We have propesed a solution to our client which uses webservices to expose certain interfaces to internet. We are currently thinking of how to secure a web service when exposed to...
C# / C Sharp
5
source code security
by: Josh | last post by:
hi frns i m a new member of the group. just wanted to ask a question what tools or methods do we have to secure the source code of php after the application is ready. or else anyone could...
PHP
12
pointer past end of buffer
by: John Goche | last post by:
A lot of C++ code allocates a buffer and initializes start and end pointers as follows: +-------------------------------+ + + +-------------------------------+ ^ ...
C / C++
63
Why less emphasis on private data?
by: time.swift | last post by:
Coming from a C++ / C# background, the lack of emphasis on private data seems weird to me. I've often found wrapping private data useful to prevent bugs and enforce error checking.. It appears...
Python
18
Saving Report as Image in Access Table
by: pltmcs | last post by:
I am building lock shop software to accept an electronic signature when university personnel are given keys. Currently a paper report is generated that the person signs. The signed paper is then...
Microsoft Access / VBA
14
VC++ 6.0 MFC Application linking to a Win32 DLL issue with pointer to a struct
by: actcom | last post by:
I'm hoping someone has seen this before ... I have a header file that looks something like this typedef struct ATYPE { int one; int two; char first; }atype;
C / C++
0
Basic Javascript concepts
by: aa123db | last post by:
Variable and constants Use var or let for variables and const fror constants. Var foo ='bar'; Let foo ='bar';const baz ='bar'; Functions function $name$ ($parameters$) { } ...
Javascript
0
Batch import of multiple excel files into the database
by: ryjfgjl | last post by:
If we have dozens or hundreds of excel to import into the database, if we use the excel import function provided by database editors such as navicat, it will be extremely tedious and time-consuming...
Data Management
1
Looking to do Android software development, any suggestions? Is flutter better?
by: nemocccc | last post by:
hello, everyone, I want to develop a software for my android phone for daily needs, any suggestions?
General
1
Is that possible of reading the .csv file in column wise and the column have different lengths ?
by: Sonnysonu | last post by:
This is the data of csv file 1 2 3 1 2 3 1 2 3 1 2 3 2 3 2 3 3 the lengths should be different i have to store the data by column-wise with in the specific length. suppose the i have to...
C / C++
0
How to build RAID in BIOS?
by: Hystou | last post by:
There are some requirements for setting up RAID: 1. The motherboard and BIOS support RAID configuration. 2. The motherboard has 2 or more available SATA protocol SSD/HDD slots (including MSATA, M.2...
Computer Hardware
0
marktang
What is ONU?
by: marktang | last post by:
ONU (Optical Network Unit) is one of the key components for providing high-speed Internet services. Its primary function is to act as an endpoint device located at the user's premises. However,...
General
0
Changing the language in Windows 10
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can...
Windows Server
0
Oralloy
Problem With Comparison Operator <=> in G++
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers,...
C / C++
0
jinu1996
Maximizing Business Potential: The Nexus of Website Design and Digital Marketing
by: jinu1996 | last post by:
In today's digital age, having a compelling online presence is paramount for businesses aiming to thrive in a competitive landscape. At the heart of this digital strategy lies an intricately woven...
Online Marketing

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.

BYTES.COM © 2024
About Bytes
Terms Of Use
Privacy Policy
Sitemap
Advertise on Bytes:
Post a Job
Sponsored Posts
Platinum & Gold Sponsors
Hire Now!