>
> > This is a simple security issue. I pass my msgId just like id=816421 for
> > example. Try changing the id numbers see what happens.
I try that and a message of something like "message does not exist" so I
try some other consecutive numbers but never got to see other messages .
not allowing users to modify url its always good
> >
> > However, you will never be able to view anyone elses messages .
>
> >
> > There is no protection against url variables. I know.
> >
> > --Ali
> >
> >
> >
> >
>
>
>========================================================================
> This list server is Powered by iMS
> 'The Swiss Army Knife of Mail Servers'
> --------------------------------------
>To leave this list please complete the form at
>http://www.CoolFusion.com/iMS.htm
>
>List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/
>========================================================================
********************************************
* Ing. Guillermo Dewey Guerra
* Metro Solutions S.A. de C.V.
* [EMAIL PROTECTED]
* ICQ: 25876549 (GDewey)
*
* http://www.metro.com.mx
* http://www.ablecommerce.com.mx
*
* Tel. (011) (52) (8) 3-90-7000
* Fax (011) (52) (8) 3-90-7001
* Cel. (011) (52) (044) (8) 3-09-24-16
* Monterrey N.L. Mexico
********************************************
========================================================================
This list server is Powered by iMS
'The Swiss Army Knife of Mail Servers'
--------------------------------------
To leave this list please complete the form at
http://www.CoolFusion.com/iMS.htm
List archives: http://www.mail-archive.com/infusion-email%40eoscape.com/
========================================================================
