As I was growing happier with my understanding of the Sausalito architecture, and showing off to my collaborators, on of them brought something to my attentions has made me a bit uneasy: the URLs for ALL the interface are embeded in javascript code in the base page for the frameset of any logged in user. You can see for yourselves, just log in as any unprivileged user, click on view page source (for the main frame page), and there you are, links you can cut and paste in your browser after the :444. Altough it does not abbide to any change you try to make (I have even set up a page to be displayed in the big center-right frame, the data is sent but produces lots of errors), it reveals information that is certainly not for public consumption. It's is not my style to point at an error without giving a solution or, at least, having investigated. I have not yet discovered what is it, but I'm mostly sure there is something wrong in the access rights checking in SiteMap.php, maybe someone at Cobalt can shed some ligth. It is too late in my time zone to go on now. Worried-about-backdoors-ly yours, Vic ------------------------------------------------------------------------------- G & S Sistemas de Informacion, S.L. | Phones: Victoriano Giralt | Land line: +34-952-207-048 Chief Consultant and Owner | Mobile: +34-670-332-720 Torre de San Telmo, 8 | Fax: Use e-mail, looks nicer E-29018 Malaga (Spain) | E-mail: [EMAIL PROTECTED] Member of ISOC (Andalusian Chapter) | http://www.gssi.es/ ------------------------------------------------------------------------------- _______________________________________________ cobalt-developers mailing list [EMAIL PROTECTED] http://list.cobalt.com/mailman/listinfo/cobalt-developers
