>An erroneous assumption does not a SECURITY LEAK make, when the docs
>clearly state the facts.
Strictly thats not true if its easy to leave a loophole through not
reading the docs (in detail) that mistake is going to be made by many
people. Some 'damage' is bound to have been done just because
its all too easy to setup like this and cause a security leak (potential
or actual). I wouldnt be suprised if some managemnts immediately
pulled some plugs. Equally I wouldnt be suprised if on some sites
people are exploiting this hole and keeping quite.
Dont get me wrong you know whose side I am on....