----- Original Message -----
From: "Ali Jaffrey" <[EMAIL PROTECTED]>
To: "Guillermo Dewey" <[EMAIL PROTECTED]>
Sent: Thursday, November 30, 2000 5:24 PM
Subject: Re: secutity isue
>
> Hi Dewy,
>
> > just wanted to tell you that anybody that logs into any account can
chance
> > manually the message ID allowing to read somebody else messages
>
> This is a simple security issue. I pass my msgId just like id=816421 for
> example. Try changing the id numbers see what happens.
>
> However, you will never be able to view anyone elses messages .
>
> There is no protection against url variables. I know.
>
> --Ali
>
>
>
>
========================================================================
This list server is Powered by iMS
'The Swiss Army Knife of Mail Servers'
--------------------------------------
To leave this list please complete the form at
http://www.CoolFusion.com/iMS.htm
List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/
========================================================================
