[Koha-devel] Re: XSS Vulnerabilities in Koha

2007-08-30 Thread Rick Welykochy
Chris Cormack wrote: Yep you might be able to do that, but all you would get is an md5 string, we have just rewritten the authentication module using CGI::Session for 3.0. And it wouldn't be any use to you, unless you were also spoofing the ip of the machine that created that particular ses

[Koha-devel] Re: XSS Vulnerabilities in Koha

2007-08-30 Thread Chris Cormack
On 30/08/2007, at 9:47 PM, Rick Welykochy wrote: [moved to Koha-devel] ... Chris Cormack wrote: We did fix this up a while back for the opac, but over time vulnerabilities might have crept back in. I'm not too worried about the intranet side, if someone malicious has access to that, you

[Koha-devel] Re: XSS Vulnerabilities in Koha

2007-08-30 Thread Rick Welykochy
[moved to Koha-devel] ... Chris Cormack wrote: We did fix this up a while back for the opac, but over time vulnerabilities might have crept back in. I'm not too worried about the intranet side, if someone malicious has access to that, you have bigger problems than xss :-) But I'd certainly lik