Web Connection
Re: Direct Access
Messages
Reply
Edit
Delete
Dec. 21, 2012
10:13 am
3O80LWM68![Show this entire thread in new window]()
10:13 am
3O80LWM68
| From: | Arnold |
| To: | Potter Orr |
That is a known issue in web applications...
What you need to do is use sessions to track users...and deny access when the session is not what it should be...
Hope this helps...
Arnold
A user of my WestWind page emailed me to say that he could bypass the login process completely once he had ever logged. He sent me a screen shot that shows: myalbat.org/Person1.alb?Id=%20%2020138204 in the address bar.
I types that into the address bar from my computer and it took me straight to his page - something I never should have been able to do. What have I missed? The last 6 digits of that address is the serial number of his record and if I change that number, I can see other people too.
Potter