[Imc-web] Security Issue
Mike Lehman
rebelmike at earthlink.net
Wed Feb 11 11:20:59 CST 2004
This occured to me after the new install of Dada, but I'd forgotten about it until today. The new version puts out a cookie that recognizes you noyt only as a user, but also as an editor. What happens is that once you've signed on as an editor on a machine that takes cookies (I know I can turn this off, but it would be a pain to do everytime I visit UC IMC) anyone who uses the machine afterwards can also go to the website and be recognized as an editor.
This is a problem for me at work, as I use an ancient Mac that has an equally ancient version of Explorer as its browser. I have the UC IMC editor pagebookmarked. Unfortunately, there appears to be no way to edit bookmarks in this antique, so anyone else who uses the machine can simply become an IMC editor by following the bookmark which I can't delete. I think I can kill all the bookmarks and start over, but that would only partially solve the real issue, as well as being poor form on a shared machine.
Is it possible to kill the cookies, just for the editor screen or otherwise configure things so that an editor has to log on specifically to edit? It might be a good idea.
Mike Lehman
More information about the IMC-Web
mailing list