#26 When going between "Bobb's" programs user may auto-login

0.9.3
closed-fixed
Security (23)
4
2005-08-30
2005-08-30
No

Due to the design of PHP Sessions, if a user goes from
one of "Bobb's" programs (File Manage/PHP Guestbook
Admin/etc) on the same server and has the same username
and password they will automatically be logged in.
Since they will have needed to be the same username and
password, this isn't much of a security problem, but a
problem nonetheless.

Discussion

  • Brandon Nimon

    Brandon Nimon - 2005-08-30

    Logged In: YES
    user_id=1049916

    Now it checks the accessed file's path and references it
    against the PHP session info.

     
  • Brandon Nimon

    Brandon Nimon - 2005-08-30
    • assigned_to: nobody --> bnimon
    • status: open --> closed-fixed
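
An added example of the kind of check the comment above describes, not the project's own code: the session records which application created the login, and every request compares that record with the path of the script being accessed. The function names, session keys and sample paths are hypothetical, and it assumes all entry scripts of one application live in one directory.

```php
<?php
// Added illustration; names, session keys and paths are hypothetical.

// Derive a scope value from the directory of the script being accessed.
// Assumption: all entry scripts of one application share a directory.
// In a live request this would be fed from realpath($_SERVER['SCRIPT_FILENAME']).
function app_scope(string $scriptPath): string
{
    return hash('sha256', dirname($scriptPath));
}

// Call once, after the username/password check has succeeded.
function mark_logged_in(array &$session, string $user, string $scriptPath): void
{
    $session['user'] = $user;
    $session['app_scope'] = app_scope($scriptPath);
}

// Call on every request before trusting the session's login state.
function is_logged_in(array $session, string $scriptPath): bool
{
    return isset($session['user'], $session['app_scope'])
        && hash_equals($session['app_scope'], app_scope($scriptPath));
}

// Constructed demonstration: two applications on one server sharing one
// PHP session. $session stands in for $_SESSION.
$session = [];
mark_logged_in($session, 'admin', '/var/www/filemanager/index.php');

// Another script of the application that performed the login.
var_dump(is_logged_in($session, '/var/www/filemanager/edit.php'));

// A different application reading the same session data.
var_dump(is_logged_in($session, '/var/www/guestbook/admin.php'));
```

Giving each application its own `session_name()` before `session_start()` is another way to keep their sessions apart, since each then uses a separate session cookie.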
     
