Hello,

> I don't think it is a problem of Security, but it is at least
> a problem of unneeded Information Disclosure.

Yes, it's quite ugly to have a (static) userid in the URL.. Many webmail systems share this 'design bug' .. But this is a minor problem: you can't hijack a webmail session with this information, you'd also need to steal a cookie from the user..

> I personally think that this is a problem because:
> 1.) You are identifiable via the email address
> 2.) a spammer could use your email address

I doubt that someone will use the referer to identify a user.. It is much easier to include the email address [or a key] in the sent link, many spammers are doing this to verify accounts... and this method works with every MUA

- Adrian
