can be done at configure time with the configuration directive
--with-config-file-path=PATH.
- Squirrelmail does not use cookies as of version 0.4. Edit the
- php.ini file and change session.use_cookies to 0 (false). Also be
- sure to change the session.save_path to someplace that can only be
- read and written to by the webserver. session.save_path is the
+ Edit the php.ini file and make sure session.use_cookies is 1. Also
+ be sure to change the session.save_path to someplace that can only
+ be read and written to by the webserver. session.save_path is the
location that PHP's session data will be written to.
- SECURITY WARNING - SquirrelMail saves non plaintext passwords in
- PHP's session data to log on to the IMAP server. If a user has
- access to write PHP scripts on your system and knows the location
- where PHP stores session data, he could get a listing of the
- sessions being used and then read a given session's data with his
- own PHP script. Caution should be used when setting up permissions
- and locations of php.ini and the session data.
+ SECURITY WARNING - If a user has access to write PHP scripts on your
+ system and knows the location where PHP stores session data, he
+ could get a listing of the sessions being used and then read a given
+ session's data with his own PHP script. Caution should be used when
+ setting up permissions and locations of php.ini and the session data.
c. Setting up .php files to use PHP4