From a167feaff3eeb532001985d30c7eeaaca4539658 Mon Sep 17 00:00:00 2001 From: nehresma Date: Wed, 12 Apr 2000 20:28:10 +0000 Subject: [PATCH 1/1] updated info on php.ini git-svn-id: https://svn.code.sf.net/p/squirrelmail/code/trunk/squirrelmail@416 7612ce4b-ef26-0410-bec9-ea0150e637f0 --- INSTALL | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/INSTALL b/INSTALL index 38605af8..06af9642 100644 --- a/INSTALL +++ b/INSTALL @@ -36,19 +36,16 @@ b. Changing php.ini can be done at configure time with the configuration directive --with-config-file-path=PATH. - Squirrelmail does not use cookies as of version 0.4. Edit the - php.ini file and change session.use_cookies to 0 (false). Also be - sure to change the session.save_path to someplace that can only be - read and written to by the webserver. session.save_path is the + Edit the php.ini file and make sure session.use_cookies is 1. Also + be sure to change the session.save_path to someplace that can only + be read and written to by the webserver. session.save_path is the location that PHP's session data will be written to. - SECURITY WARNING - SquirrelMail saves non plaintext passwords in - PHP's session data to log on to the IMAP server. If a user has - access to write PHP scripts on your system and knows the location - where PHP stores session data, he could get a listing of the - sessions being used and then read a given session's data with his - own PHP script. Caution should be used when setting up permissions - and locations of php.ini and the session data. + SECURITY WARNING - If a user has access to write PHP scripts on your + system and knows the location where PHP stores session data, he + could get a listing of the sessions being used and then read a given + session's data with his own PHP script. Caution should be used when + setting up permissions and locations of php.ini and the session data. c. Setting up .php files to use PHP4 -- 2.25.1