On Fri, Sep 24, 2010 at 1:36 AM, Neil Kandalgaonkar <neilk(a)wikimedia.org> wrote:
On 9/23/10 2:24 PM, Ryan Lane wrote:
The contents of that session on the server are
unencrypted, correct?
Depending on what the secret is, he may or may not want to use it. For
instance, that is probably a terrible place to put credit card numbers
temporarily.
Good point, but in this case I'm just storing the path to a temporary file.
The file isn't even sensitive data; it's just a user-uploaded media file
for which the user has not yet selected a license, although we
anticipate they will in a few minutes.
If it's user-uploaded, take care of
garbage collection; actually, how
does PHP handle it if you upload a file and then don't touch it during
the script's runtime? Will it automatically be deleted after the
script is finished or after a specific time?
Marco
--
VMSoft GbR
Nabburger Str. 15
81737 München
Geschäftsführer: Marco Schuster, Volker Hemmert
http://vmsoft-gbr.de