Bug#440290: ITP: phamm -- Phamm (PHP LDAP Virtual Hosting Manager) is a front-end written in PHP to manage virtual services using an LDAP directory backend.
Steve Kemp wrote:
> If the login sessions are stored in a cookie they could be
> stolen and the account compromised.
>
Phamm stores login information in the PHP $_SESSION variable.
Yes, PHPSESSID is saved in a cookie, of course, but making
the system secure is an Apache+PHP configuration problem, not only
a Phamm installation one. phpLDAPAdmin (probably also phpMyAdmin)
does the same but adds an encryption layer using a Blowfish string.
Anyway, for this purpose it is possible to use only a symmetric key,
because the function that creates the connection to the DB needs the
decrypted password. Anyway, it could be a good idea to use it.
> Sure. Now take a look here:
>
> http://demo.phamm.org/phamm05/www-data/main.php?action=modify_account&mail=test@abakus.net
>
A PHP Notice and/or Warning is not an Error; any developer can set the
wanted debug level. A dedicated function in Phamm, phamm_php_error_level(),
allows setting PHP error_reporting.
Inside the Phamm config.inc.php file
the user can set ERROR_LEVEL=0
error_reporting(E_COMPILE_ERROR|E_ERROR|E_CORE_ERROR);
so no Warning messages will be displayed.
Anyway, I put on-line a stable version of Phamm 0.4.13 instead of 0.5 for
other evaluations.
best regards
Alessandro De Zorzi
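
The two points discussed in this message, a PHPSESSID cookie that could be stolen and notices or warnings shown on a page, are both governed by PHP runtime settings. An added example (not part of the original mail and not Phamm's code) of setting them from PHP 7.3 or later; the function names are hypothetical and an HTTPS-only deployment is assumed:

```php
<?php
// Added example, not Phamm code. Run before any output is sent.
declare(strict_types=1);

function harden_runtime(): void
{
    // Report everything, but write it to the log rather than the page,
    // so notices and warnings are recorded without reaching the browser.
    error_reporting(E_ALL);
    ini_set('display_errors', '0');
    ini_set('log_errors', '1');

    // Accept the session ID only from the cookie, never from the URL,
    // and reject session IDs that the server did not issue.
    ini_set('session.use_only_cookies', '1');
    ini_set('session.use_strict_mode', '1');

    session_set_cookie_params([
        'lifetime' => 0,         // dropped when the browser closes
        'path'     => '/',
        'secure'   => true,      // assumption: site is served over HTTPS only
        'httponly' => true,      // cookie is not readable from JavaScript
        'samesite' => 'Strict',  // not sent on cross-site requests
    ]);
}

// Hypothetical helper: call once the login (e.g. the LDAP bind) has succeeded.
function start_authenticated_session(string $login): void
{
    session_start();
    // Issue a fresh session ID at login and delete the old session data,
    // so an ID seen before authentication is useless afterwards.
    session_regenerate_id(true);
    $_SESSION['login'] = $login;
}

harden_runtime();
```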