Response Time
24 — 48 hours
Hi,
I'm really concerned by the security of my website and I've detect that json files in /media/com_komento give too much informations (Joomla version, Komento version and other things). These files are not secured because it's possible to get accessed to them; just by accessing to http://thesite/media/com_komento/config/xxx.json.
I agree that the filename is quite complicult but, for my point of view, it's not enough. Versions numbers are sensitive data and should not be publicly available.
Can you give advices ?
Thanks.
I'm really concerned by the security of my website and I've detect that json files in /media/com_komento give too much informations (Joomla version, Komento version and other things). These files are not secured because it's possible to get accessed to them; just by accessing to http://thesite/media/com_komento/config/xxx.json.
I agree that the filename is quite complicult but, for my point of view, it's not enough. Versions numbers are sensitive data and should not be publicly available.
Can you give advices ?
Thanks.
5 Replies
The replies under this section are restricted to logged in users or users with an active subscription with us
