note
ant
Hi Mirod <br>
Thanks for the brief explanation. It's cleared up a misty<br>
point or two. Just a thought on the last paragraph really:<br>
if a legal user came in to the directory through .htaccess, <br>
then they could enter someone else's username into the web page<br>
and submit that file, which makes .htaccess a little useless <br>
against legal users playing around with user names.<br>
Unfortunately user names are very easy to pick up through <br>
our organisation, as they are the same as the individual email name.<br>
I think the one way forward is to create a timestamp/username <br>
variable and enter that into a table/file when the user enters the<br>
system and to remove it after the person has left. Then <br>
when a person enters a web page, we take the user variable<br>
and check it against the user variable in the table/file.<br>
That seems like a more workable solution to me.<br>
Many thanks for the info.<br>
Anthony<br>
90687
90728
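An added sketch of the table check described in the post above; it is not part of the original post. Python, the `SessionTable` class, the 30-minute timeout and the sample usernames are assumptions of this example, and the row is keyed by a random token rather than by the username alone, since the post notes that usernames are easy to pick up.

```python
import hmac
import secrets
import time

SESSION_TTL = 1800  # seconds; assumed idle limit, not a value from the post


class SessionTable:
    """In-memory stand-in for the table/file the post describes."""

    def __init__(self, clock=time.time):
        self._rows = {}      # token -> (username, entry timestamp)
        self._clock = clock

    def enter(self, authenticated_user):
        """Call once after .htaccess auth succeeded; returns the session token."""
        token = secrets.token_urlsafe(32)   # unguessable, unlike a username
        self._rows[token] = (authenticated_user, self._clock())
        return token

    def leave(self, token):
        """Remove the row when the person leaves the system."""
        self._rows.pop(token, None)

    def check(self, token, claimed_user):
        """True only if the page's user variable matches the stored one."""
        row = self._rows.get(token)
        if row is None:
            return False                    # never entered, or already left
        user, started = row
        if self._clock() - started > SESSION_TTL:
            self.leave(token)               # stale row: treat as logged out
            return False
        return hmac.compare_digest(user.encode(), claimed_user.encode())


def demo():
    """Constructed scenario: one user, then someone else's name, then expiry."""
    now = [1_000_000.0]                     # constructed clock value
    table = SessionTable(clock=lambda: now[0])
    token = table.enter("anthony")          # constructed usernames
    own = table.check(token, "anthony")
    other = table.check(token, "mirod")
    now[0] += SESSION_TTL + 1
    expired = table.check(token, "anthony")
    return own, other, expired
```

In a real deployment the username passed to `enter` would come from the server's own record of the authenticated user, not from a form field.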