[pmwiki-users] PmWiki session variables
Alexander Dietrich
alexander at dietrich.cx
Mon Jun 23 07:03:23 CDT 2008
Hi,
I asked a question about this about two weeks ago, so I think it's ok to repost:
-----
I recently turned my PmWiki installation into a farm, and came across the comment
dealing with PHP session cookie names for preventing accidental privilege elevation.
This got me thinking: if the only thing right now stopping a user from getting
incorrect privileges on another field, couldn't a malicious user still exploit this
by simply copying the session cookie value?
-----
Best,
Alexander
--
Alexander Dietrich <alexander at dietrich.cx>
More information about the pmwiki-users
mailing list