[imp] Faking the login
Barry Flanagan
barryf-imp@digiserve.ie
Thu, 10 Jan 2002 10:53:24 +0000
On Wednesday 09 January 2002 19:12, you wrote:
> Barry Flanagan wrote:
> > On Wednesday 09 January 2002 17:32, you wrote:
> > > Hello.
> > >
> > > Does anyone know if I can "fake" a login to IMP like I could with
> > > "remote_login.php3" in PHP 2, by passing the appropriate variables to
> > > the script somehow.
> >
> > Use imp/redirect.php as your form ACTION, and post hidden vars 'imapuser'
> > and 'pass'
>
> This will work, but it is a security risk (unless all visitors are
> inside intranet).
>
> The hidden vars appear in page source, and consequently on any
> (transparent) cache on the way.
Yes, just like the old "remote_login.php3" from 2.x which he wants to
replicate.
I never said it was a good idea ('though I should have pointed out that it
was not)
--
-Barry Flanagan