24 Oct
2003
24 Oct
'03
4:58 p.m.
On 24 Oct 2003 at 10:35, Stefan H. Holek wrote:
Why is everybody so obsessed with AUTHENTICATED_USER? This variable is not suitable for anything deserving the name "security". It is NOT SAFE to assume that it will contain anything useful.
Thanks for bringing this up. I've changed my code. I had thought that AUTHENTICATED_USER was "a special attribute of REQUEST". -- Brad Clements, bkc@murkworks.com (315)268-1000 http://www.murkworks.com (315)268-9812 Fax http://www.wecanstopspam.org/ AOL-IM: BKClements