Restricted content freely available when using ID#

In this board you can talk about general questions about phpMyFAQ

Moderator: Thorsten

Post Reply
tipsen
Posts: 10
Joined: Mon Jul 02, 2007 10:11 am

Restricted content freely available when using ID#

Post by tipsen »

FAQ entries which are restricted to members of a specific group are freely available to anonymous users when searching for the entry's ID#. Of course this is not easy but since the IDs are sequential it's not too difficult to guess different IDs and perhaps gain access to otherwise restricted content!
Top
Thorsten
Posts: 15741
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq
Contact:
Contact Thorsten

Post by Thorsten »

Hi,

right... can you add this to the bugtracker?

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
Top
tipsen
Posts: 10
Joined: Mon Jul 02, 2007 10:11 am

Post by tipsen »

Thorsten wrote:right... can you add this to the bugtracker?
Done!
Top
Post Reply

Return to “General discussions”