ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > Living Room

Request for help - potential website security issue

(1/3) > >>

Carol Haynes:
I have set up a website for my local running club. A member has informed me that the private members' forum can be access just by browsing the website without entering a username and password and is therefore not private.

The website is www.swaledaleroadrunners.co.uk and I can't find any way to read forum messages without logging in.

Unfortunately the member is being unhelpful and refusing to tell me how they can achieve this.

Personally I suspect that it is them either being difficult or else just that they never log out so when they visit the site the stored cookie allows them to access the website again but the challenge is can anyone here read the forum without logging in and if so how?

Cheers

Carol

Stephen66515:


Thats what I see on the forum page.

Stephen66515:
Side note...I think I just broke your disclaimer (No part of this website can be reproduced in any form without written permission) :P

Carol Haynes:
Precisely - BUT this difficult member is saying that simply by browsing the website she can read the forum without logging in - I can't see how this is possible. AS far as I can tell no articles on the website link directly to forum articles and even if they did they should lead to a login page before being able to read the posting.

Side note...I think I just broke your disclaimer (No part of this website can be reproduced in any form without written permission) :P
-Stephen66515 (May 21, 2012, 05:06 PM)
--- End quote ---

May be that should be 'may be reproduced' ! Anyway I give you permission ;-)

By the way if any one does find a security whole please let me know by PM - not on the open forum here.

Stephen66515:
Precisely - BUT this difficult member is saying that simply by browsing the website she can read the forum without logging in - I can't see how this is possible. AS far as I can tell no articles on the website link directly to forum articles and even if they did they should lead to a login page before being able to read the posting.

Side note...I think I just broke your disclaimer (No part of this website can be reproduced in any form without written permission) :P
-Stephen66515 (May 21, 2012, 05:06 PM)
--- End quote ---

May be that should be 'may be reproduced' ! Anyway I give you permission ;-)

By the way if any one does find a security whole please let me know by PM - not on the open forum here.
-Carol Haynes (May 21, 2012, 05:06 PM)
--- End quote ---

The member is probably just being stupid and not realized they are actually logged in lol

Navigation

[0] Message Index

[#] Next page

Go to full version