[Owncloud] Password is stored in Session

Robin Appelman icewind1991 at gmail.com
Thu Dec 22 13:07:26 UTC 2011


Sending this to summarize the discussion we had about it,

storing the password in the session isn't a big security issue since
reading values from the session isn't as easy as opitzfamilys thought.

That said, the password is no longer saved in the session in the
encryption branch which will be merged for the next release.

- Robin Appelman



On Thu, Dec 22, 2011 at 12:05, Simon Opitz <simon.opitz at isx-software.de> wrote:
> Today I found out that the user's password is being stored in the session
> variables in clear text.
> You might want to delete line 197 in user.php to get rid of this security issue
> ;)
>
> opitzfamilys


