Hi ES Folks,
I'm building up my profiles for a new site.
Right now I have 2 public profiles (person and corporation).
These 2 are accessible via the default registration process, open to anyone.
I have a 3rd one that isn't used for the default process and isn't enabled to be shown.
It is not showing; however, this 3rd one (and others to show) are invite-only profiles.
However, the profiles are open to everyone just by changing their ID number in the URL; therefore, my 3rd profile is ID number 3.
/en/community/registration.html?task=selectType&profile_id=1&controller=registration
I know that this doesn't exist, but any kind of security would be welcome.
Any feedback?
Alex
EDIT: Adding a token (like the one in Joomla for forms) for non-enabled profile types could be one way!? A helper function through the controller... a custom field which would catch the value or die the script and go back!? Any thoughts?
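
Added example, not part of the original post and not EasySocial or Joomla code: one way to enforce the token idea from the EDIT on the server, where the registration controller refuses a non-public `profile_id` unless the request carries an HMAC token bound to that profile type, an e-mail address and an expiry time. All function names, the profile table and the secret are hypothetical.

```php
<?php
// Hypothetical names throughout; the secret is a placeholder that stays server-side.
const INVITE_SECRET = 'replace-with-a-long-random-server-side-secret';

// Constructed sample data: types 1 and 2 are open, type 3 is invite-only.
const PROFILE_TYPES = [
    1 => ['name' => 'person',      'public' => true],
    2 => ['name' => 'corporation', 'public' => true],
    3 => ['name' => 'invited',     'public' => false],
];

// Issue a token bound to one profile type, one e-mail address and an expiry time.
function issueInviteToken(int $profileId, string $email, int $expires): string
{
    $payload = $profileId . '|' . strtolower($email) . '|' . $expires;
    return $expires . '.' . hash_hmac('sha256', $payload, INVITE_SECRET);
}

// Decide on the server whether this request may register with the given profile type.
function canRegisterWithProfile(int $profileId, ?string $email, ?string $token, int $now): bool
{
    if (!isset(PROFILE_TYPES[$profileId])) {
        return false;                      // unknown ID in the URL
    }
    if (PROFILE_TYPES[$profileId]['public']) {
        return true;                       // open registration, no token needed
    }
    if ($email === null || $token === null) {
        return false;                      // invite-only type reached by editing the ID
    }
    $parts = explode('.', $token, 2);
    if (count($parts) !== 2 || !ctype_digit($parts[0])) {
        return false;                      // malformed token
    }
    $expires = (int) $parts[0];
    if ($expires < $now) {
        return false;                      // invitation expired
    }
    // Recompute the token for the requested profile and compare in constant time.
    return hash_equals(issueInviteToken($profileId, $email, $expires), $token);
}

// Constructed requests: open type, bare profile_id=3, valid invite, invite reused for another address.
$now   = time();
$token = issueInviteToken(3, 'guest@example.com', $now + 86400);
var_dump(canRegisterWithProfile(1, null, null, $now));
var_dump(canRegisterWithProfile(3, null, null, $now));
var_dump(canRegisterWithProfile(3, 'guest@example.com', $token, $now));
var_dump(canRegisterWithProfile(3, 'other@example.com', $token, $now));
```

The same check has to run again when the registration form is submitted, not only when the profile type is selected, since the `profile_id` can be altered at either step.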