Hi all,
I want some data generated and stored at authentication which will be
accessible throughout a (web) session. However I want better security
controls than just storing it within the session - anyone who can write a
PHP script on the server can then modify the contents.
There doesn't seem to be any easy way of seperating the privilege (so e.g. a
setuid program might write the data to a file, not writable by the
webserver user). I don't want to have to run a second webserver as a
different user just to acheive this.
Anybody any ideas?
TIA,
Colin