Forum Discussion
hooleylist
Apr 11, 2012Cirrostratus
Keep in mind that a malicious user could easily change the value of the disabled field using an interception proxy. It would probably be more secure to parse the username from the cert and store that in an APM session variable instead of taking it from the user's request.
Aaron