Is a session variable secure enough for storing user password? - Joomla! Forum - community, help and support
hi all
i wish set e-mail accounts of site users (existing & new). idea would automartically logged in webmail account on login joomal. have basic code figured out have question re. how secure approach is.
i'm building module has following basic functionality;
when user logs in, check see if have e-mail account set (username@domain.com)
if no, auto set e-mail account via cpanel & inform user
if yes, check user account , report number of messages
in both cases, provide link webmail in wrapper (passing username & pass
key here obtaining users password. want user e0mail account have same user name , password joomla account. obviously, cannot obtain password user obhect ($my) or databse encrypted.
my solution modify joomla login function store user-entered password in session variable. have modified jos_sessions table include password field , updated joomla.php session class include variable.
now, when user logs in, password stored in session variable , module can pick , use e-mail account creation and/or checking.
my question: there issues in storing user password in session variable liuke this?
(i know requires joomla hack , i'm happy & re-implement on each update).
thanks
peter
i wish set e-mail accounts of site users (existing & new). idea would automartically logged in webmail account on login joomal. have basic code figured out have question re. how secure approach is.
i'm building module has following basic functionality;
when user logs in, check see if have e-mail account set (username@domain.com)
if no, auto set e-mail account via cpanel & inform user
if yes, check user account , report number of messages
in both cases, provide link webmail in wrapper (passing username & pass
key here obtaining users password. want user e0mail account have same user name , password joomla account. obviously, cannot obtain password user obhect ($my) or databse encrypted.
my solution modify joomla login function store user-entered password in session variable. have modified jos_sessions table include password field , updated joomla.php session class include variable.
now, when user logs in, password stored in session variable , module can pick , use e-mail account creation and/or checking.
my question: there issues in storing user password in session variable liuke this?
(i know requires joomla hack , i'm happy & re-implement on each update).
thanks
peter
Comments
Post a Comment