Following upon the letter of Friday, June 15, 2001:
RMS> This is a *very* interesting finding. It seems kind of obvious
RMS> too. I wonder why no one seems to have run across it before.
It reminds me "Client Side Trojans" thread. Also similar problem with
authorization have been described at tools-on.net ("Web and your
privacy" section). The problem is that once authorised you don't have
to enter password again if you are redirected to some form inside
protected (via .htaccess, cookie, etc) area.
Best regards, Alexander
---------------------------------------------------------------
MCP+I, MCSE, BrainBench certificates
http://leader.ru http://tools-on.net
---------------------------------------------------------------
- The Dangers of Allowing Users to Post Images John Percival
- Re: The Dangers of Allowing Users to Post Images Sverre H. Huseby
- Re: The Dangers of Allowing Users to Post Ima... Tim Nowaczyk
- Re: The Dangers of Allowing Users to Post... Henrik Nordstrom
- Re: The Dangers of Allowing Users to ... Sverre H. Huseby
- Re: The Dangers of Allowing User... Henrik Nordstrom
- Re: The Dangers of Allowing Users to Post... Brett Lymn
- RE: The Dangers of Allowing Users to Post Images Richard M. Smith
- Re: The Dangers of Allowing Users to Post Ima... Marc Slemko
- Re: The Dangers of Allowing Users to Post Ima... Alexander K. Yezhov
- Re: The Dangers of Allowing Users to Post Images Ben Gollmer
- Cross-Site Request Forgeries (Re: The Dangers of ... Peter W
- Re: Cross-Site Request Forgeries (Re: The Dan... Chris Lambert
- Re: The Dangers of Allowing Users to Post Images Chris Lambert
- Re: The Dangers of Allowing Users to Post Ima... Ryan Kennedy
- Re: The Dangers of Allowing Users to Post Images Chris Lambert
- Re: The Dangers of Allowing Users to Post Images David Dreezer
- Re: The Dangers of Allowing Users to Post Images Chris Lambert
- Re: The Dangers of Allowing Users to Post Images Chris Lambert
