Following upon the letter of Friday, June 15, 2001: RMS> This is a *very* interesting finding. It seems kind of obvious RMS> too. I wonder why no one seems to have run across it before. It reminds me "Client Side Trojans" thread. Also similar problem with authorization have been described at tools-on.net ("Web and your privacy" section). The problem is that once authorised you don't have to enter password again if you are redirected to some form inside protected (via .htaccess, cookie, etc) area. Best regards, Alexander --------------------------------------------------------------- MCP+I, MCSE, BrainBench certificates http://leader.ru http://tools-on.net ---------------------------------------------------------------
This archive was generated by hypermail 2b30 : Sat Jun 16 2001 - 12:03:56 PDT