On Fri Aug 31, 2007 at 13:35:46 +0200, Alessandro De Zorzi wrote:

> PHP frontend manage LDAP database only, login use a real LDAP DN
> so ACL permission set in /etc/ldap/phamm.acl set right write/read
> permission on the database so PHP bug is not real danger for database.

If the login sessions are stored in a cookie they could be stolen and the account compromised.

> This is a on-line demo (unstable version)
> http://demo.phamm.org/phamm05/www-data/main.php
>
> (Login with manager:rhx)

Sure. Now take a look here:

http://demo.phamm.org/phamm05/www-data/main.php?action=modify_account&[EMAIL PROTECTED]

Steve
--
Debian GNU/Linux System Administration
http://www.debian-administration.org/