Thursday 4 June 2009

Security hole with HTTP digest authentication


I came across this blog a few days ago. It was a great spot, so I thought I'd post it here to help me remember it.


The hole seems to be in the new version of Rails 2.3, in HTTP digest authentication. You can log in even without a username and password. HTTP basic authentication doesn't seem to have this problem.

Anyway, read more about it at Nate's Blog.
