Security hole?

Peter Haworth pete at lcsql.com
Mon Jul 14 22:28:07 EDT 2014


I can't decide if this is a problem or not but the revAvailableHandlers
function happily returns information about handlers in a password protected
stack without requiring the password.

I guess it's not actually showing any code but feels like it should act the
same as trying to get the script of a password protected stack.

Pete
lcSQL Software <http://www.lcsql.com>
Home of lcStackBrowser <http://www.lcsql.com/lcstackbrowser.html> and
SQLiteAdmin <http://www.lcsql.com/sqliteadmin.html>



More information about the use-livecode mailing list