security - How Easy Is It to Hijack Session Vars on GoDaddy (PHP)


indicates that

If your site is running on a shared web server, keep in mind that any session variable can easily be viewed by another user on the same server.

On a large host like GoDaddy, is there really no security against this? Can it really be that easy? If this is easy, where are the other users' session vars on my host, so I can see them?

This is ridiculously easy because Linux installations default to /tmp, and Windows is similar. This is very bad because most users have read and write privileges to /tmp, because they need them. You can store your session state in a database or store your PHP applications against this.
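A check for the condition described in the answer above, as an added example that is not part of the original post: it audits a session directory for access by other local accounts. The function name, the output labels and the demo directories are constructed for illustration, and it assumes session files use PHP's default `sess_<id>` naming.

```shell
#!/bin/sh
# Added example: audit a PHP session directory for exposure to other local users.
# Assumption: session files use PHP's default "sess_<id>" file naming.

# audit_session_dir DIR
# Prints findings; returns 0 if private, 1 if exposed, 2 if DIR is missing.
audit_session_dir() {
    dir=$1
    findings=0
    if [ ! -d "$dir" ]; then
        echo "ERROR $dir is not a directory"
        return 2
    fi
    # Directory: any read/write/search bit for "other" lets unrelated accounts in.
    if [ -n "$(find "$dir" -prune \( -perm -004 -o -perm -002 -o -perm -001 \))" ]; then
        echo "EXPOSED-DIR $dir is accessible to other local users"
        findings=$((findings + 1))
    fi
    # Files: session data readable by group or other.
    readable=$(find "$dir" -type f -name 'sess_*' \( -perm -040 -o -perm -004 \) | wc -l)
    readable=$((readable + 0))   # normalise whitespace that some wc builds emit
    if [ "$readable" -gt 0 ]; then
        echo "EXPOSED-FILES $readable session file(s) in $dir readable by group or other"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ] && echo "OK $dir is private to its owner"
    [ "$findings" -eq 0 ]
}

# Constructed demo: a /tmp-style shared directory and a private per-site directory.
demo=$(mktemp -d)
mkdir "$demo/shared" "$demo/private"
chmod 1777 "$demo/shared"
chmod 700 "$demo/private"
: > "$demo/shared/sess_constructedexample1"
chmod 644 "$demo/shared/sess_constructedexample1"
: > "$demo/private/sess_constructedexample2"
chmod 600 "$demo/private/sess_constructedexample2"
audit_session_dir "$demo/shared" || true
audit_session_dir "$demo/private" || true
rm -rf "$demo"
```

Run it against the directory your own site's `session.save_path` points to; a non-zero return means the directory or its session files need tighter permissions or a different storage location.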

