On the web server there are some security issues surrounding the session handling. If I use, for instance,
wget 'http://profilux/user.html?namd=Guest&pass=something'
to download the user page, then when I open a browser on the same machine I'm automatically logged in. This makes it easy for someone to take over your connection. Connection handling should not be done on a per-machine basis, as it seems to be done.
I would like to see the following features:
- Proper session handling
- The ability to have the web server only allow access to user.html, while disabling the option to log in as admin to make changes.
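
The difference between per-machine login state and per-client sessions, as an added example that is not part of the original post and not the device's own code. The account names, passwords, `/admin.html` page and `allow_admin_login` switch are assumptions made for illustration.

```python
import hmac
import secrets

# Constructed sample accounts; names and passwords are placeholders.
USERS = {"Guest": ("guest-pass", "user"), "Admin": ("admin-pass", "admin")}
# Hypothetical page-to-role policy: only admins may reach the settings page.
PAGE_ROLES = {"/user.html": {"user", "admin"}, "/admin.html": {"admin"}}


def check_password(name, password):
    """Return the account's role on a correct password, else None."""
    entry = USERS.get(name)
    if entry and hmac.compare_digest(entry[0].encode(), password.encode()):
        return entry[1]
    return None


class PerMachineAuth:
    """Weak model described in the post: login state is keyed by client IP."""

    def __init__(self):
        self.logged_in = {}  # ip -> role

    def login(self, ip, name, password):
        role = check_password(name, password)
        if role:
            self.logged_in[ip] = role
        return role is not None

    def allowed(self, ip, page):
        # Every program on that machine (or behind the same NAT) passes.
        return self.logged_in.get(ip) in PAGE_ROLES.get(page, set())


class TokenSessionAuth:
    """Per-client sessions: login returns a random token (sent as a cookie)."""

    def __init__(self, allow_admin_login=True):
        self.sessions = {}  # token -> role
        self.allow_admin_login = allow_admin_login

    def login(self, name, password):
        role = check_password(name, password)
        if role is None or (role == "admin" and not self.allow_admin_login):
            return None  # bad password, or admin login disabled on the web UI
        token = secrets.token_urlsafe(32)
        self.sessions[token] = role
        return token

    def allowed(self, token, page):
        role = self.sessions.get(token) if token else None
        return role in PAGE_ROLES.get(page, set())
```

With `PerMachineAuth`, a login made by one tool authorizes every later request from the same address; with `TokenSessionAuth`, a request that does not present the issued token is refused even from the same machine.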