Hello, I recently turned my PmWiki installation into a farm, and came across the comment dealing with PHP session cookie names for preventing accidental privilege elevation. This got me thinking: if the only thing right now stopping a user from getting incorrect privileges on another field, couldn't a malicious user still exploit this by simply copying the session cookie value?
User authentication and access control does not have this probem, right? Best regards, Alexander -- Alexander Dietrich <[EMAIL PROTECTED]> _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
