[pmwiki-users] Farms and security

Alexander Dietrich alexander at dietrich.cx
Thu Jun 5 05:45:07 CDT 2008


Hello,

I recently turned my PmWiki installation into a farm, and came across the comment
dealing with PHP session cookie names for preventing accidental privilege elevation.
This got me thinking: if the only thing right now stopping a user from getting
incorrect privileges on another field, couldn't a malicious user still exploit this
by simply copying the session cookie value?

User authentication and access control does not have this probem, right?

Best regards,
Alexander
-- 
Alexander Dietrich <alexander at dietrich.cx>



More information about the pmwiki-users mailing list