Security hole?
Peter Haworth
pete at lcsql.com
Mon Jul 14 22:28:07 EDT 2014
I can't decide if this is a problem or not but the revAvailableHandlers
function happily returns information about handlers in a password protected
stack without requiring the password.
I guess it's not actually showing any code but feels like it should act the
same as trying to get the script of a password protected stack.
Pete
lcSQL Software <http://www.lcsql.com>
Home of lcStackBrowser <http://www.lcsql.com/lcstackbrowser.html> and
SQLiteAdmin <http://www.lcsql.com/sqliteadmin.html>
More information about the use-livecode
mailing list