Mercule said:As a developer for the same platform (ASP.NET) WotC is using, that security won't be hard to toggle. Doing it the way they did had to have been a conscious choice.
withak said:Expecting or even worrying about this specific problem persisting into the production version of D&DI is, IMHO, just a tad silly.
You're missing the point again. Go back and reread all of my posts in this thread. When you first quoted me, you were referencing a reply I made to a blanket comment about authentication/authorisation in web apps, not in specific reference to DDI. Again, my comment to which you've been responding has nothing to do with DDI.withak said:Then what is left to discuss? This really is a non-issue.
This security "hole" has existed in D&DI for months now. Presumably, it's been left open to allow content access to those who have had problems logging in, myself included. Once D&DI subscriptions go live, it stands to reason that the powers that be will implement something a bit more robust.
Campbell said:It actually looks like Wizards' site is still using Classic ASP.
Scott_Rouse said:So what the deal with this interweb page thingy everyone is talking about?![]()