Channel: West Wind Message Board Messages

Re: Direct Access

Web Connection
Dec. 21, 2012
10:13 am
From: Arnold
To: Potter Orr
Potter
That is a known issue in web applications...
What you need to do is use sessions to track users...and deny access when the session is not what it should be...
Hope this helps...
Arnold


A user of my WestWind page emailed me to say that he could bypass the login process completely once he had ever logged in. He sent me a screen shot that shows: myalbat.org/Person1.alb?Id=%20%2020138204 in the address bar.

I typed that into the address bar from my computer and it took me straight to his page - something I never should have been able to do. What have I missed? The last 6 digits of that address are the serial number of his record and if I change that number, I can see other people too.

Potter
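
The session check suggested in the reply above, as an added example that is not part of the original thread and is not Web Connection code. It is a framework-neutral Python sketch; the record ids, the in-memory session store and all function names are assumptions made for illustration.

```python
import secrets

# Constructed sample data (not from the thread): record id -> page content.
RECORDS = {"100001": "Alice's page", "100002": "Bob's page"}

# Server-side session store: random token -> record id the user logged in as.
# The token travels in a cookie; the record id never has to be trusted from the URL.
SESSIONS = {}


def start_session(record_id):
    """Call after the existing login step succeeds; returns the cookie value."""
    token = secrets.token_urlsafe(32)  # unguessable, unlike a serial number
    SESSIONS[token] = record_id
    return token


def end_session(token):
    """Logout: the token stops working immediately."""
    SESSIONS.pop(token, None)


def view_person_unchecked(requested_id):
    """The behaviour described in the question: the Id parameter alone decides."""
    page = RECORDS.get(requested_id.strip())
    return (200, page) if page else (404, "Not found")


def view_person(token, requested_id):
    """Hardened handler: the session decides, the Id parameter is only compared."""
    owner_id = SESSIONS.get(token)
    if owner_id is None:
        return 401, "Login required"      # no cookie, or session ended
    if requested_id.strip() != owner_id:  # strip() handles the %20%20 padding
        return 403, "Access denied"       # logged in, but not this record
    return 200, RECORDS[owner_id]


if __name__ == "__main__":
    cookie = start_session("100001")
    print(view_person_unchecked("  100002"))  # any visitor reads any record
    print(view_person(cookie, "  100001"))    # own record
    print(view_person(cookie, "100002"))      # someone else's record
    print(view_person(None, "100001"))        # pasted URL, no session
```
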

