On Wed, 6 Jan 1999, Simeon ben Nevel wrote:
> I use Marc-Search by Eric Friedman.
(...)
> Downsides:
(...)
I use it too, but I have found a security hole in it.
If you have two mail archives on the same (virtual) server, one public and
one with restricted access, both with marc-search, anyone can search the
restricted mail archive by forging the referer of the http call to point
at the restricted mail archive.
-----------------------------------------------------------------
Mats Dufberg [EMAIL PROTECTED]