[ic] Security problem?

Jurgen Botz interchange-users@interchange.redhat.com
Sun Jan 27 13:49:01 2002


Hmm, it just occurred to me that users can apparently update arbitrary
fields in the userdb by saving any form page and adding input fields
corresponding to column names in the userdb.  This will set IC values
and if the userdb is later saved will update any such fields.  I just
tried it and it seems to work.

Is there a way of preventing this or is it just that by design you're
not supposed to put anything in the userdb that you want to prevent 
people from updating?  I note that the foundation userdb has some 
fields that it would appear the user should not be able to set, i.e.
"dealer".

Am I missing something?

:j


-- 
Jürgen Botz                       | While differing widely in the various
jurgen@botz.org                   | little bits we know, in our infinite
                                  | ignorance we are all equal. -Karl Popper
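
The behaviour described in the post above, as an added example that is not part of the original message and is not Interchange code: a small Python model in which every saved form field becomes a session value and is written back to any matching user-table column, beside a save routine restricted to an allowlist. All function names, column names other than `dealer`, and the sample data are constructed assumptions.

```python
# Model of the behaviour described in the post; not Interchange code.
# Column names other than "dealer" are constructed for illustration.
USERDB_COLUMNS = {"username", "fname", "lname", "email", "dealer"}
USER_EDITABLE = {"fname", "lname", "email"}   # assumed allowlist


def apply_form(values, form):
    """Every submitted form field becomes a session value, as in the post."""
    merged = dict(values)
    merged.update(form)
    return merged


def save_unfiltered(row, values):
    """Write back every session value whose name matches a userdb column."""
    updated = dict(row)
    for name, value in values.items():
        if name in USERDB_COLUMNS:
            updated[name] = value
    return updated


def save_allowlisted(row, values, editable=USER_EDITABLE):
    """Write back only allowlisted columns; return the rest for logging."""
    updated, rejected = dict(row), []
    for name, value in values.items():
        if name not in USERDB_COLUMNS:
            continue                      # not a column, never written
        if name in editable:
            updated[name] = value
        elif row.get(name) != value:
            rejected.append(name)         # attempted change to a protected column
    return updated, sorted(rejected)


# Constructed sample data: a stored row and a saved form with one extra field.
STORED_ROW = {"username": "alice", "fname": "Alice", "lname": "A",
              "email": "alice@example.com", "dealer": ""}
SUBMITTED_FORM = {"fname": "Alicia", "dealer": "1", "submit": "Save"}

if __name__ == "__main__":
    session = apply_form(STORED_ROW, SUBMITTED_FORM)
    print("unfiltered :", save_unfiltered(STORED_ROW, session))
    print("allowlisted:", save_allowlisted(STORED_ROW, session))
```

The list of rejected column names is returned rather than silently dropped so that attempted writes to protected columns can be logged and reviewed.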