[Typo3-dev] Security Problem - HTML

[René Fritz]

Hi

I read the note on heise.de which I found described a little confusing and not 
very clear.
But they say: "Because TYPO3 don't check the users IP address ...".

So why not make the security stronger than to make workarounds. Which means to 
include the IP from where a user logged in, in the current session.

Then an attacker have to steal the cookie AND have to simulate the IP which is 
really hard to do.

René

-- 
COLORCUBE
digital media lab

www.colorcube.de