Security hole in WebDirect
Operating system version
Description of the issue
In the URL of the WebDirect Site, everyone can see which layout is actually shown. With a little guess and try the user can gain access to secret layouts.
In my eyes it is a big security hole.
To use unguessable names for layouts is not a solution.
Steps to reproduce the problem
Stay at version 12 with IWP.