[thesite] aeo: login page, security risk?
Daniel J. Cody
djc at starkmedia.com
Thu Aug 30 10:28:28 CDT 2001
I don't think pushing two textboxes on people is too big an issue.
Point taken, Garrett, thanks for bringing it up :)
.djc.
Garrett Coakley wrote:
> On Thu, 30 Aug 2001 10:25:10 +0930, "isaac" <isaac at members.evolt.org>
> wrote:
>
>
>>It's certainly a valid concern. Not particularly crucial given that
>>usernames are listed on WEO openly, but still...
>>
>
> Well, although the usernames are there on weo, you have no way of
> knowing who out of the total membership is authorised to access
> aeo. I'm thinking more from the point of view of someone outside
> of the evolt group.
>
> For someone with "bad intentions" who has stumbled across aeo, right off
> the bat they have a list of people they know who can access this
> resource (and even better, it has 'admin' in the url, so there's got to
> be something juicy behind the authentication procedure right?).
>
> Their next step is going to be finding the second half of the key.