In the latest CVS version, this is no longer the case. See http://nagoya.apache.org/bugzilla/show_bug.cgi?id=15968 for more info.
jim arnott Reuters R&D On Wed, 15 Jan 2003, Brad Straw wrote: > Hi, > > I have seen one other reference in the mailing list regarding a security hole, but I >want to clarify this issue. The following url is displayed on the address bar: > > >http://localhost:8080/portal/media-type/html/user/bstraw001/page/default.psml/js_pane/P-f2c3135036-10001 > > This url design was not present in version 1.3a2. > > By substituting the userid with another valid userid, I can see the other user's >content. > > Any thoughts? Mitigating controls? Missed configuration? > > __________________________________________________________________ > The NEW Netscape 7.0 browser is now available. Upgrade now! >http://channels.netscape.com/ns/browsers/download.jsp > > Get your own FREE, personal Netscape Mail account today at >http://webmail.netscape.com/ > > -- > To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:[EMAIL PROTECTED]> > > -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
