John Horner wrote:
> Maybe it's just me, but this:
>
> where the link would be download.php?filename=mypdf&type=pdf
> looks terribly insecure to me -- I'm allowed to put whatever I want into
> the URL until I find something interesting?
>
> I think I'd start with
>
> download.php?filename=../htpasswd&type=

It's not just you! - Very insecure - breaks all the rules

Chris Knowles
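
A hardened form of the download.php handler discussed in this thread, as an added example that is not part of the original messages or anyone's actual code. The `downloads` directory, the type allowlist, the `resolve_download` helper and the assumption that files are stored as `<filename>.<type>` are all hypothetical.

```php
<?php
// Added example (not from the thread): a download.php that treats
// filename and type as untrusted. DOWNLOAD_DIR, the allowed types and
// the "<filename>.<type>" naming are assumptions for illustration.
declare(strict_types=1);

const DOWNLOAD_DIR = __DIR__ . '/downloads';   // hypothetical location
const ALLOWED_TYPES = [                        // hypothetical allowlist
    'pdf' => 'application/pdf',
    'zip' => 'application/zip',
];

function resolve_download(string $filename, string $type): ?string
{
    // 1. The type must be one the site actually publishes.
    if (!array_key_exists($type, ALLOWED_TYPES)) {
        return null;
    }
    // 2. The name is a plain token: no slashes, dots or NUL bytes.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $filename) !== 1) {
        return null;
    }
    // 3. Canonicalise and confirm the result is still inside the base
    //    directory (this also catches symlinks pointing elsewhere).
    $base = realpath(DOWNLOAD_DIR);
    $path = realpath(DOWNLOAD_DIR . '/' . $filename . '.' . $type);
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($path) ? $path : null;
}

$type = is_string($_GET['type'] ?? null) ? $_GET['type'] : '';
$name = is_string($_GET['filename'] ?? null) ? $_GET['filename'] : '';
$path = resolve_download($name, $type);
if ($path === null) {
    http_response_code(404);   // same answer for every rejected request
    exit;
}
header('Content-Type: ' . ALLOWED_TYPES[$type]);
header('Content-Disposition: attachment; filename="' . basename($path) . '"');
header('Content-Length: ' . (string) filesize($path));
header('X-Content-Type-Options: nosniff');
readfile($path);
```

Where the set of files is small, mapping an opaque ID to a stored path avoids building paths from request input at all.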