dbTalk Databases Forums  

db record into session array - how safe is it?

comp.databases.mysql

#1 Mike - 09-18-2011, 09:56 PM

I place a user's db record into a session array (including password).
How safe is this? I mean other than if they walk away without logging
out what is the chance someone could somehow extract the session
array's data?

Mike

#2 Jerry Stuckle - 09-18-2011, 10:10 PM

On 9/18/2011 10:56 PM, Mike wrote:
Quote:
I place a user's db record into a session array (including password).
How safe is this? I mean other than if they walk away without logging
out what is the chance someone could somehow extract the session
array's data?

Mike

MySQL knows nothing about sessions.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================

#3 Álvaro G. Vicario - 09-19-2011, 03:28 AM

On 19/09/2011 4:56, Mike wrote:
Quote:
I place a user's db record into a session array (including password).
How safe is this? I mean other than if they walk away without logging
out what is the chance someone could somehow extract the session
array's data?

Well, session values are stored in the context of current connection so
they should be private enough... unless you reuse the connection.

(I was not aware that you could use arrays in session variables.)


--
-- http://alvaro.es - Álvaro G. Vicario - Burgos, Spain
-- My site about web programming: http://borrame.com
-- My satin-finish humor website: http://www.demogracia.com
--

#4 Mike - 09-19-2011, 06:59 AM

On Sun, 18 Sep 2011 23:10:37 -0400, Jerry Stuckle
<jstucklex (AT) attglobal (DOT) net> wrote:

Quote:
On 9/18/2011 10:56 PM, Mike wrote:
I place a user's db record into a session array (including password).
How safe is this? I mean other than if they walk away without logging
out what is the chance someone could somehow extract the session
array's data?

Mike

MySQL knows nothing about sessions.

No, I suppose not. Actually I was intending to see what those using
databases (and I assume heavily relying on sessions in many
situations) think of the security issues of using sessions.

I did take the precaution of clearing the password from the session
array.

Mike

#5 Jacek Krysztofik - 09-23-2011, 03:46 PM

Quote:
MySQL knows nothing about sessions.

Unless you serialize a session into database, you dilettante.

#6 Jacek Krysztofik - 09-23-2011, 03:48 PM

Quote:
How safe is this?

Mike

As safe as the access to your session storage.

#7 Jerry Stuckle - 09-23-2011, 04:01 PM

On 9/23/2011 4:46 PM, Jacek Krysztofik wrote:
Quote:
MySQL knows nothing about sessions.


Unless you serialize a session into database, you dilettante.

MySQL still knows nothing about sessions. It's just data to it.

But I also understand that's just too complicated for a stoopid troll
like you.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex (AT) attglobal (DOT) net
==================

#8 Jacek Krysztofik - 09-23-2011, 04:20 PM

Quote:
I place a user's db record into a session array (including password).
How safe is this? I mean other than if they walk away without logging
out what is the chance someone could somehow extract the session
array's data?

Mike

You should limit the data in session to the ID of the record. Every time
a session is read you should reread the record from DB for the simple
reason that in the meantime the account may get disabled, and the
session should be made invalid, which wouldn't happen if you gave up
updating the user data from the database.

Aside from that and superfluousness, there's no reason to avoid storing
user data in the session, granted the session storage is secure.
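
Added example, not part of the original thread: a sketch of the pattern recommended in reply #8, where the session holds only the record ID and the user row is re-read on every request so a disabled account invalidates its session. It assumes sqlite3 as an offline stand-in for MySQL, a hypothetical in-memory session store, and the hypothetical names `start_session` and `current_user`; the table contents are constructed.

```python
import secrets
import sqlite3

# Constructed stand-in for the MySQL users table (sqlite3 keeps the example offline).
db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, "
           "password_hash TEXT, disabled INTEGER NOT NULL DEFAULT 0)")
db.execute("INSERT INTO users (id, name, password_hash) "
           "VALUES (1, 'mike', 'constructed-hash')")

# Hypothetical server-side session store: session id -> session data.
SESSIONS = {}


def start_session(user_id):
    """Call after a successful login; only the record ID goes into the session."""
    sid = secrets.token_urlsafe(32)  # unguessable session identifier
    SESSIONS[sid] = {"user_id": user_id}
    return sid


def current_user(sid):
    """Re-read the user's record on every request; None means the session is invalid."""
    session = SESSIONS.get(sid)
    if session is None:
        return None
    row = db.execute(
        # password_hash is deliberately not selected: it is only needed at login.
        "SELECT id, name, disabled FROM users WHERE id = ?",
        (session["user_id"],),
    ).fetchone()
    if row is None or row[2]:
        # Account deleted or disabled since login: drop the session.
        SESSIONS.pop(sid, None)
        return None
    return {"id": row[0], "name": row[1]}


def demo():
    """Log in, then disable the account and show that the session stops working."""
    sid = start_session(1)
    before = current_user(sid)
    db.execute("UPDATE users SET disabled = 1 WHERE id = 1")
    after = current_user(sid)
    return before, after, sid in SESSIONS
```
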