[pmwiki-users] Farms and security
alexander at dietrich.cx
Thu Jun 5 05:45:07 CDT 2008
I recently turned my PmWiki installation into a farm, and came across the comment
dealing with PHP session cookie names for preventing accidental privilege elevation.
This got me thinking: if the only thing right now stopping a user from getting
incorrect privileges on another field, couldn't a malicious user still exploit this
by simply copying the session cookie value?
User authentication and access control does not have this probem, right?
Alexander Dietrich <alexander at dietrich.cx>
More information about the pmwiki-users