[pmwiki-users] EnableDiag

[Oliver Betz]

Patrick R. Michaud wrote:

[...]

> ?action=diag:  
>   * All global variables in effect at the time of execution

...for example [AuthId] an [AuthPw] containing current user name and 
passwords in _plain text_. So as long as someone doesn'd log out or 
close the browser, I can get his username and password(s) from his 
browser easily.

This could be an issue in a company environment.

Oliver
-- 
Oliver Betz, Muenchen