[pmwiki-users] EnableDiag
Patrick R. Michaud
pmichaud at pobox.com
Fri Mar 2 08:28:13 CST 2007
On Fri, Mar 02, 2007 at 10:32:54AM +0100, Oliver Betz wrote:
> Patrick R. Michaud wrote:
>
> [...]
>
> > ?action=diag:
> > * All global variables in effect at the time of execution
>
> ...for example [AuthId] and [AuthPw] containing current user name and
> passwords in _plain text_. So as long as someone doesn't log out or
> close the browser, I can get his username and password(s) from his
> browser easily.
Agreed -- for any particular browser session, one would be able
to see any passwords entered during that session.
Pm