On 9/23/10 2:24 PM, Ryan Lane wrote:
The contents of that session on the server are
unencrypted, correct?
Depending on what the secret is, he may or may not want to use it. For
instance, that is probably a terrible place to put credit card numbers
temporarily.
Good point, but in this case I'm just storing the path to a temporary file.
The file isn't even sensitive data; it's just a user-uploaded media file
for which the user has not yet selected a license, although we
anticipate they will in a few minutes.
--
Neil Kandalgaonkar ( ) <neilk(a)wikimedia.org>