Shockro, The danger is also in variables. Pretend that I get you to click on this link from within your custom intranet mail app. badguyat_private">http://intranet.example.com/mailbox.asp?action=forward&item=all&recipient=badguyat_private It would forward all of your mail to badguyat_private This would work because you already have a session with mailbox.asp. Of course mailbox.asp is fake but you get the idea. -Cassius ______________________________________________________ Get Your Private, Free Email at http://www.hotmail.com
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:33:28 PDT