[imp] Faking the login

Barry Flanagan barryf-imp@digiserve.ie
Thu, 10 Jan 2002 10:53:24 +0000


On Wednesday 09 January 2002 19:12, you wrote:
> Barry Flanagan wrote:
> > On Wednesday 09 January 2002 17:32, you wrote:
> > > Hello.
> > >
> > > Does anyone know if I can "fake" a login to IMP like I could with
> > > "remote_login.php3" in PHP 2, by passing the appropriate variables to
> > > the script somehow.
> >
> > Use imp/redirect.php as your form ACTION, and post hidden vars 'imapuser'
> > and 'pass'
>
> This will work, but it is a security risk (unless all visitors are
> inside intranet).
>
> The hidden vars appear in page source, and consequently on any
> (transparent) cache on the way.

Yes, just like the old "remote_login.php3" from 2.x which he wants to 
replicate.

I never said it was a good idea ('though I should have pointed out that it 
was not)

-- 

-Barry Flanagan