I'm working with Abhinav on this project and I'm a little confused.
I understand this part:
"...create a generic user account for the Calendar. Then you create a page that checks the Wordpress authenticaton to make sure a user has the rights to access the calendar. In that page, if authentication is successful, you redirect the user to the events manager using the generic user account you previously created."
My question is,
I read the instructions in this article: Bypass the login screen?
which say to pass the credentials to the script like this:
it's my understanding that if we do a redirect in php then the querystring information that contains the username and password would be sent in plain text down to the browser and the browser will then send a request to the server to ask for the page to redirect to.
Isn't this a big security hole?
or am I missing something...?
Last edited by thall; 04-07-2006 at 01:22 AM.