Has anyone tried this security script?

Anon

I am the author of Wiggem a session utilizing security script. Some people have said that they found it off of this site and I was wondering if any of the regulars had checked it out.

Any bit of critisizm constructive or not is welcomed...

http://phpwiggem.sourceforge.net

Steve

maxholman

If you can access logininc.php through a URL, gaining access is trivial...

http://www.example.com/wiggem/logininc.php?isloggedin=12dc34fd51d4fe5929912ecbaa49e0d0&username=1&cn=1

Of course, include files should never be available in the document root, but you never know what some people might do...

Max

Anon

Thank you for the feedback I will have to throw that in the docs that they need to change the permissions or put it behind the doc root.

Thanks for the input..

Steve