> would
> just enter it! This is only a threat if your admin pages are not
> secured.
>
Not true. Possibly the security exists at request time as opposed to
execute time. In other words, it may be possible to execute a page you
normally wouldn't be able to since the .forward could potentially get
around some built-in security. For example, if you applied your
security to a directory at the web service level, the .forward would be
a way to get around that.
-Matt
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings]
