I noticed that if i log in as a user of a certain group, then view a restricted FAQ and copy the URL, if I log back out, and paste the URL in the address bar and attempt to view it, it blocks the FAQ and says "currently under revision". That's great! However, on the right had side, the Records in this category still displays the names of other documents in the restricted category.
While a user without proper authentication still can't view the contents of those other records, the fact that they can see the names of them is a little less secure than I'd prefer.
Security concern
Moderator: Thorsten
Re: Security concern
Hi,
you are right... I'll check this to improve the non-visibility of secured content.
bye
Thorsten
you are right... I'll check this to improve the non-visibility of secured content.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist
Re: Security concern
In the process of organizing our data, I've created sub directories with some documents private and some documents public. When viewing the FAQ as guest who hasn't logged in, private documents don't show, but there's a counter that shows how many public and private documents exist in that folder. Much like the names of other FAQ's being listed on the side, it would be preferable not to let guests even be aware of documents they're unable to access.
Is there any way to disable the counter showing how many documents are in a directory?
Is there any way to disable the counter showing how many times a FAQ has been viewed?
Thank you.
Is there any way to disable the counter showing how many documents are in a directory?
Is there any way to disable the counter showing how many times a FAQ has been viewed?
Thank you.
Re: Security concern
Hi,
currently you can only remove this from the code. Sorry.
bye
Thorsten
currently you can only remove this from the code. Sorry.
bye
Thorsten
phpMyFAQ Maintainer and Lead Developer
amazon.de Wishlist
amazon.de Wishlist