Hi, I asked a question about this about two weeks ago, so I think it's ok to repost:
----- I recently turned my PmWiki installation into a farm, and came across the comment dealing with PHP session cookie names for preventing accidental privilege elevation. This got me thinking: if the only thing right now stopping a user from getting incorrect privileges on another field, couldn't a malicious user still exploit this by simply copying the session cookie value? ----- Best, Alexander -- Alexander Dietrich <[EMAIL PROTECTED]> _______________________________________________ pmwiki-users mailing list [email protected] http://www.pmichaud.com/mailman/listinfo/pmwiki-users
