Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • Hywel Lewis 37 posts 138 karma points
    Mar 26, 2010 @ 23:36
    Hywel Lewis
    0

    Security issue for data left in xml

    Just thinking, may be worth adding the ability to configure where the contact and email a firend logs are saved or just the name of the xml file, anyone that uses this frame work can see all the logs a site has recived which could be bad if they want email addresses.

    I know you could delete the data daily but most people wont, could also go in and edit the usercontrols but that would depend on how comfertable they are with editing the code.

    anything i can do to help let me know

     

    Cheers

  • Petr Snobelt 923 posts 1532 karma points
    Mar 27, 2010 @ 06:47
    Petr Snobelt
    1

    I don't know cws, but xml data should be saved with .config extension or in app_data folder.

  • Warren Buckley 2087 posts 4568 karma points MVP 6x admin hq c-trib
    Mar 27, 2010 @ 10:42
    Warren Buckley
    0

    Hi Hywel and Petr,
    Would you mind adding a bug item on codeplex for me please so I can edit the usercontrols so that the path of the XML file is stored in app_data so it can't be accessed directly with a URL to the file.

    http://umbracocws.codeplex.com/WorkItem/Create.aspx?ProjectName=umbracocws

    Thanks,
    Warren

  • Hywel Lewis 37 posts 138 karma points
    Mar 27, 2010 @ 11:23
    Hywel Lewis
    0

    Have just added it for you, not sure if it makes sense but any questions or if i can help in some way let me know

Please Sign in or register to post replies

Write your reply to:

Draft