4images Forum & Community

4images Issues / Ausgaben => Discussion & Troubleshooting => Topic started by: kindian on July 16, 2005, 11:13:39 AM

Title: Important Security Issue
Post by: kindian on July 16, 2005, 11:13:39 AM

One user mailed me today saying that he sent a link to his photo to a friend. His friend saw his photo and kinda logged in with his username, they even tryed to change the profile and it worked. The link the user sent to his friend contained the session id. How can I fix that. I've already tryed to use the MOD to make the url google friendly, but it didnt work. Anyone else with this problem?

Title: Re: Important Security Issue
Post by: V@no on July 16, 2005, 06:52:20 PM

Quote from: kindian on July 16, 2005, 11:13:39 AM

How can I fix that.

just dont send url with sessionid , thats plain simple...

P.S. its covered in FAQ.

Title: Re: Important Security Issue
Post by: V@no on July 16, 2005, 08:00:02 PM

ok, try this fix:
http://www.4homepages.de/forum/index.php?topic=8895.0

Title: Re: Important Security Issue
Post by: kindian on July 17, 2005, 03:42:24 AM

Thanks Vano. It seems it is working.