Page 154 - Hands-On Bug Hunting for Penetration Testers
Access Control and Security Through Obscurity Chapter 8
Now we're going to click through to the Client side lesson:
Landing on the page, we can immediately see a couple of hidden fields of interest. We also
get the gist of the lesson (we're a disgruntled employee that wants to get the personal info
of our CEO, even though we, naturally, don't have access to it) and what it is that we're
trying to subvert: a small employee directory application.

