Ashiff
|
Posted: 10/08/2003, 10:22 AM |
|
Hi,
i am disheartened to say that I hacked into my own website made from codecharge studio.
We all know that when we use a table authentication, a session id is created and has all the details in it. Now a viewer with group_id=1 (least priority logs in) then searches his PC for a session created and finally finds out his session variable and changes his group_id to say 30, so all pages are accessible to him.
Can someone help me out of this situation please. Is there a better way to handle this
|
|
|
AshiffHi,
|
Posted: 10/08/2003, 10:31 AM |
|
|
|
|
AshiffHi,
|
Posted: 10/08/2003, 10:31 AM |
|
|
|
|
Ashiff
|
Posted: 10/08/2003, 1:25 PM |
|
Hi,
I was running it on localhost and the session variable was stored there, so I confused myself. Sorry to bother everyone.
If the codecharger team is angry with me then please note that I was only wanting it to be safer.
Please remove this thread if viewers are confused.!!!
|
|
|
|