I've got amember installed and have been working on customising it. I looked at the session variables: *everything* is there. User name and password being the most important. How secure is amember? Does it *only* rely on session variables? Is this as well as session cookies? Question: is it not possible to encrypt the username and password and other session variable details? I'm only a PHP beginner, but from what I understand using *just* session variables is OK, but no good for any experienced hacker who can listen to your traffic or access your PC somehow. Thanks. OM
Omar, unrelated to Amember, unencrypted traffic in general (i.e. http:// versus https://) is certainly vulnerable to "hacker listening to your traffic". If you are concerned about security to that extent, using SSL (https://) on your side is recommended. Amember secures based on a number of ways (of which you get to pick) be it session based, cookie based, .htaccess based, etc.
Definitely try and use SSL if you are concerned. Try and go for 256-bit keys as well and ensure they're from a good well-known brand so your users won't have any strange certificate error notification screens.
It is possible, but because there should anyway be a way to decrypt it back (aMember should read it later, shouldn't it?) it will be only an imitation of security. Normally, on correctly configured webhosting, nobody can read your sessions. And of course, there are no ways to access it from outside the server.
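The points raised in the replies above (server-side session files that other accounts cannot read, and a session cookie that only travels over https://) can be checked on a given host with a short script. This is an added example, not part of the thread and not aMember code; the function names are hypothetical, and it assumes PHP's default `files` session handler.

```php
<?php
// Added example, not aMember code. Function names are hypothetical.

// session.save_path may be "N;/path" or "N;MODE;/path"; the directory is the last field.
function session_dir(string $savePath): string
{
    $parts = explode(';', $savePath);
    $dir = trim((string) end($parts));
    return $dir !== '' ? $dir : sys_get_temp_dir(); // assumption: empty means the system temp dir
}

function audit_session_config(): array
{
    $findings = [];

    if (ini_get('session.save_handler') === 'files') {
        $dir = session_dir((string) ini_get('session.save_path'));
        $perms = @fileperms($dir);
        if ($perms === false) {
            $findings[] = "cannot stat session directory $dir";
        } elseif ($perms & 0004) {
            // Files are named sess_<session id>, so a listable directory leaks IDs to other local accounts.
            $findings[] = sprintf('%s is world-readable (mode %04o)', $dir, $perms & 07777);
        }
    }

    // Cookie settings that matter once the site is served over https://
    $wanted = [
        'session.cookie_secure'    => 'session cookie is also sent over plain http://',
        'session.cookie_httponly'  => 'session cookie is readable from JavaScript',
        'session.use_only_cookies' => 'session ID may be accepted from the URL',
        'session.use_strict_mode'  => 'uninitialized session IDs are accepted',
    ];
    foreach ($wanted as $key => $risk) {
        if (!filter_var(ini_get($key), FILTER_VALIDATE_BOOLEAN)) {
            $findings[] = "$key is off: $risk";
        }
    }
    return $findings;
}

$findings = audit_session_config();
echo $findings ? implode(PHP_EOL, $findings) . PHP_EOL : "no findings" . PHP_EOL;
```

Run it through the web server rather than the command line, since the CLI often loads a different php.ini.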
guys, thanks for the replies. https: can u give me a recommended place? alex: the forum doesn't give replies when u are subscribed to your own thread. this is a problem, since u never know when someone has replied to your questions posted. i have mentioned this in another thread before. if you are having trouble fixing it, if you pay me enough money, i'll fix it for you.
omar.. regarding https:// you just need to get an SSL certificate and have it installed on your server. You will also have to have a static IP address as a part of the process. Your hosting provider should be able to help you with all 3 items. Regarding not getting replies to threads you start, you can set this in the options menu of the forum (http://www.amember.com/forum/profile.php?do=editoptions) Specifically the: set it to instant email notifications and any future threads you create will be automatically subscribed to. For existing you can subscribe via the "Thread tools" menu when reading the message, or for this thread specifically: http://www.amember.com/forum/subscription.php?do=addsubscription&t=8232 Hope this helps.