Security concern

Please report bugs here!

Moderator: Thorsten

Tinman
Posts: 19
Joined: Sun May 09, 2010 3:34 pm

Security concern

Post by Tinman » Fri Jun 18, 2010 3:51 pm

I noticed that if I log in as a user of a certain group, then view a restricted FAQ and copy the URL, if I log back out, and paste the URL in the address bar and attempt to view it, it blocks the FAQ and says "currently under revision". That's great! However, on the right-hand side, the Records in this category still displays the names of other documents in the restricted category.

While a user without proper authentication still can't view the contents of those other records, the fact that they can see the names of them is a little less secure than I'd prefer.

Thorsten
Posts: 14731
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Security concern

Post by Thorsten » Fri Jun 18, 2010 4:55 pm

Hi,

you are right... I'll check this to improve the non-visibility of secured content.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist

Tinman
Posts: 19
Joined: Sun May 09, 2010 3:34 pm

Re: Security concern

Post by Tinman » Thu Jun 24, 2010 3:53 pm

In the process of organizing our data, I've created subdirectories with some documents private and some documents public. When viewing the FAQ as a guest who hasn't logged in, private documents don't show, but there's a counter that shows how many public and private documents exist in that folder. Much like the names of other FAQs being listed on the side, it would be preferable not to let guests even be aware of documents they're unable to access.

Is there any way to disable the counter showing how many documents are in a directory?

Is there any way to disable the counter showing how many times a FAQ has been viewed?

Thank you.

Thorsten
Posts: 14731
Joined: Tue Sep 25, 2001 11:14 am
Location: #phpmyfaq

Re: Security concern

Post by Thorsten » Thu Jun 24, 2010 7:55 pm

Hi,

currently you can only remove this from the code. Sorry.

bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
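
The two reports in this thread (record titles in the sidebar, and the per-folder counter) describe the same pattern: the record body is permission-checked, but the listing and count are built from the whole category. The following is an added example, not part of the thread and not phpMyFAQ's code; the data layout and all function names are hypothetical, and the records are constructed sample data.

```php
<?php
// Constructed sample data; field names are assumptions, not phpMyFAQ's schema.
// 'groups' => null marks a public record, otherwise the group ids allowed to read it.
$records = [
    ['id' => 1, 'category' => 7, 'title' => 'Opening hours',       'groups' => null],
    ['id' => 2, 'category' => 7, 'title' => 'VPN setup for staff', 'groups' => [3]],
    ['id' => 3, 'category' => 7, 'title' => 'Payroll calendar',    'groups' => [3, 4]],
];

// True when the viewer may read the record: it is public or shares a group with the viewer.
function canView(array $record, array $viewerGroups): bool
{
    return $record['groups'] === null
        || count(array_intersect($record['groups'], $viewerGroups)) > 0;
}

// Leaky pattern: titles and count come from every record in the category,
// so a guest learns the names and number of restricted records.
function leakySidebar(array $records, int $category): array
{
    $inCategory = array_filter($records, fn($r) => $r['category'] === $category);
    return ['count' => count($inCategory), 'titles' => array_column($inCategory, 'title')];
}

// Hardened pattern: apply the permission check first, then derive both the
// titles and the count from that one filtered set so they cannot disagree.
function filteredSidebar(array $records, int $category, array $viewerGroups): array
{
    $visible = array_filter(
        $records,
        fn($r) => $r['category'] === $category && canView($r, $viewerGroups)
    );
    return ['count' => count($visible), 'titles' => array_column($visible, 'title')];
}

$guest = [];      // not logged in: no group memberships
$staff = [3];     // member of group 3

print_r(leakySidebar($records, 7));             // what the thread describes
print_r(filteredSidebar($records, 7, $guest));  // guest view after filtering
print_r(filteredSidebar($records, 7, $staff));  // group member view
```

Deriving the counter from the same filtered set as the listing matters: a correct listing next to an unfiltered count still tells a guest how many restricted records exist.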
