Web Apps

Login without login. Bug or Feature?

After login on page "http://atys.ryzom.com/start/index.php" and follow the link to the forum or mail, the browser shows these url's

http://app.ryzom.com/app_forum/?shardid=102&name=CHARNAME& ;cid=1234567&lang=de&authkey=abcdef1234567890abcdef123456 7890

http://atys.ryzom.com/start/app_mail.php?shardid=102&name=CHA RNAME&cid=1234567&lang=de&authkey=abcdef1234567890abc def1234567890

If you use these links, no login with name and password longer required and you can go directly to the forum- or mail application, ...

I think, for using this at home it is feature, but at public places it is a security problem or?

Session ID's can be a solution :)
Show topic
Last visit Mon Nov 30 14:03:21 2020 UTC

powered by ryzom-api