This particular security hole is not related to cookies... although others are.
-Norm -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Rick Leske Sent: Friday, June 14, 2002 8:16 PM To: [EMAIL PROTECTED] Subject: Re: [IMail Forum] Possible security flaw John, I see in version 7.1 help file: 6. Turn on Ignore source address in security check if you want the web server to ignore the IP address that requested the page. This can be useful with some firewalls and with service providers that use dynamic IP addresses (such as America Online). (Normally, the web server checks the IP address that requested the page against the IP address from which the user logged on.) Does this mean to leave it unchecked to stop the hole? If I check the box isn't it suppose to ignore the ip address? ~So leaving it unchecked would force the security check right? maybe they should say.. "Place a checkmark in the box" to disable the security check and to keep aol customers happy? Is their anyway to force a cookie dump via cgi script to one of the templates that whould hopefully disable the hole? or rather 'flaw'. ~Rick Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
