|
 |
Skiba <abx### [at] babilon org> wrote:
>> or turn off that particular cookie.
>
> That's solution. But page could aware about it somehow becouse I looks more
> like MS IntelliAutoSomething (just my personal opinion)
Well, while its use may not be visible immediately, once posting in the web
news interface really works, it will be a bit more convenient as it will
(for the time being) require authorization for each post.
>> Actually, I spend a lot of time to make the secure.
>
> Great!
BTW, it had to do with how the cookie stores the user information. At first
it would store the userid, which happens to be the same ID used when viewing
user profiles in the world map. So before I added protection of it one
could just take the userid from there and plug it into the cookie and then
see the private email address. That is no longer possible thanks to
additional validation of the cookie. Anyway, I am just mentioning this as
anybody who might try to implement something similar may not immediately
think of such a loophole ;-)
Thorsten
____________________________________________________
Thorsten Froehlich, Duisburg, Germany
e-mail: tho### [at] trfde
Visit POV-Ray on the web: http://mac.povray.org
Post a reply to this message
|
|
