1
awarrior
mxdirectory security risk and loophole
  • 2007/1/30 9:21

  • awarrior

  • Just popping in

  • Posts: 48

  • Since: 2006/10/9


Don't know whether I put this in the right section.......

Whilst registered users can sign up and submit details to mxdirectory, if they want to update and change their details at any time, which is a beneficial asset for advertisers to keep their details up to date. The only way they can do this is to leave the --

'Allow registered users to submit link modifications?' must be left to 'Yes' in admin.

But this I found out accidentally causes a securtity risk and loophole open to ALL registered users. Because not only can they change their own details, they can also change anybody else's.

How can this be altered so that only the person who submitted his details can change them and not be able to change others details
I'm smarter than the average bear boo boo......

2
Peekay
Re: mxdirectory security risk and loophole
  • 2007/1/30 10:16

  • Peekay

  • XOOPS is my life!

  • Posts: 2335

  • Since: 2004/11/20


I think this has been addressed in MXdirectory 3.*. AFAIK, if you dis-allow registered users to modify links, the creator of the ad can still edit their own ad, but not others.

Even if you leave this option 'on', modifications made by other users are moderated by admin before publication. The changed version appears alongside the original so the differences can be seen. The primary use of this is to allow you import a purchased directory listing and then invite site visitors to update their own ad.

I agree that allowing modifications on a busy site would put admin under some pressure to ensure changes were valid. I raised the same concern about the original Xdirectory in this thread
A thread is for life. Not just for Christmas.

Login

Who's Online

395 user(s) are online (352 user(s) are browsing Support Forums)


Members: 0


Guests: 395


more...

Donat-O-Meter

Stats
Goal: $100.00
Due Date: Nov 30
Gross Amount: $0.00
Net Balance: $0.00
Left to go: $100.00
Make donations with PayPal!

Latest GitHub Commits