[horde] Security hole?
Michael M Slusarz
slusarz at horde.org
Wed May 3 09:13:01 PDT 2006
Quoting myhorde at nbiss.com:
> This came from the outside user and I don't have any.
> There was also a lot of other stuff from the same IP.
> My question is : is it possible to send this URL directly and receive
> a valid response without having valid session?
No. in the case you gave, horde/services/download/index.php calls
imp/view.php which calls imp/lib/base.php which is where we do
authentication.
michael
___________________________________
Michael Slusarz [slusarz at horde.org]
More information about the horde
mailing list