What new or enhanced feature are you proposing?
Configure the email notification so as not to include sensitive information.
What goal would this enhancement help you achieve?
Emails sent out include the auth cookie for the request. Replacing this in
your cookie allows you to impersonate the user. Would like to use email
notices of error (with a link to elmah.axd?) but can't with this vulnerability.
Original issue reported on code.google.com by peter.fr...@gmail.com on 6 Nov 2009 at 9:05
Original issue reported on code.google.com by
peter.fr...@gmail.com
on 6 Nov 2009 at 9:05