# | Time | Username | Text |
---|---|---|---|
# | Aug 7th 2008, 20:56 | lqdice__ | bah dammit |
# | Aug 7th 2008, 20:56 | zeeneo | someone has a fix somewhere |
# | Aug 7th 2008, 20:56 | lqdice__ | anyone got a quick fix ? |
# | Aug 7th 2008, 20:57 | markstory | lqdice__: no auth! |
# | Aug 7th 2008, 20:57 | markstory | ) |
# | Aug 7th 2008, 20:57 | lqdice__ | i found one but it's editing core files |
# | Aug 7th 2008, 20:57 | lqdice__ | i can easily send the session id but cake checks for more than that |
# | Aug 7th 2008, 20:57 | zeeneo | you do it in the javascript |
# | Aug 7th 2008, 20:58 | lqdice__ | zeeneo: do you have a link or know where it was ? |
# | Aug 7th 2008, 20:58 | zeeneo | can't find it :| |
# | Aug 7th 2008, 20:59 | markstory | lqdice__: check the swfupload docs? I'm sure this has happened before. |
# | Aug 7th 2008, 20:59 | lqdice__ | markstory: yeah but cake does some fancy session checking |
# | Aug 7th 2008, 20:59 | markstory | with someone else. perhaps not with cake but with other session authenticated processes. |
# | Aug 7th 2008, 20:59 | lqdice__ | usually you can get by just by sending the session id |
# | Aug 7th 2008, 20:59 | markstory | lqdice__: it checks a bunch of stuff in the headers too. |
# | Aug 7th 2008, 21:00 | markstory | compares a user agent string hash to that in the session. |
# | Aug 7th 2008, 21:00 | markstory | helps stop session hijacking. |
# | Aug 7th 2008, 21:00 | zeeneo | i know |
# | Aug 7th 2008, 21:00 | markstory | which is what you are trying to do. |
# | Aug 7th 2008, 21:00 | lqdice__ | markstory: yeah i might have to knock it down to medium security.. maybe i can do that just for 1 action |