[imp] Faking the login
Milos Prudek
milos.prudek@tiscali.cz
Wed, 09 Jan 2002 20:12:05 +0100
Barry Flanagan wrote:
>
> On Wednesday 09 January 2002 17:32, you wrote:
> > Hello.
> >
> > Does anyone know if I can "fake" a login to IMP like I could with
> > "remote_login.php3" in PHP 2, by passing the appropriate variables to the
> > script somehow.
> >
>
> Use imp/redirect.php as your form ACTION, and post hidden vars 'imapuser' and
> 'pass'
This will work, but it is a security risk (unless all visitors are
inside intranet).
The hidden vars appear in page source, and consequently on any
(transparent) cache on the way.
--
Milos Prudek