On Fri, Mar 02, 2007 at 10:32:54AM +0100, Oliver Betz wrote: > Patrick R. Michaud wrote: > > [...] > > > ?action=diag: > > * All global variables in effect at the time of execution > > ...for example [AuthId] an [AuthPw] containing current user name and > passwords in _plain text_. So as long as someone doesn'd log out or > close the browser, I can get his username and password(s) from his > browser easily.
Agreed -- for any particular browser session, one would be able to see any passwords entered during that session. Pm _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
