Web Wiz - Green Windows Web Hosting
Web Wiz Homepage Search Web Wiz

  New Posts New Posts RSS Feed - Worrying security matter
  FAQ FAQ  Forum Search   Events   Register Register  Login Login

Worrying security matter
 Post Reply Post Reply
Author
  Topic Search Topic Search  Topic Options Topic Options
Nick-V View Drop Down
Senior Member
Senior Member


Joined: 26 October 2002
Location: United Kingdom
Status: Offline
Points: 319 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Nick-V Quote  Post ReplyReply Direct Link To This Post Topic: Worrying security matter
    Posted: 03 January 2008 at 11:58am
I believe I have found a worrying security hole.
 
If a member is downgraded from a private forum they still receive email subscriptions.
 
To expand: we have a private forum for special members. Those members often subscribe to receive an email alert of new postings to that forum. When a member is demoted from that private forum their email alert remains operational and continues to send them a private email containing the full text of any posting made to that private forum.
 
This worries me considerably...people are usually demoted from private areas with good reason...and administrators (and others) are completely unaware that they are still being sent private information.
 
I can use database tools as a workaround (delete such subscriptions) but I believe:
  1. administrators need to be made aware of this immediately
  2. a modification needs to be done to correct such orphaned subscriptions and prevent them recurring.
Back to Top
WebWiz-Bruce View Drop Down
Admin Group
Admin Group
Avatar
Web Wiz Developer

Joined: 03 September 2001
Location: Bournemouth
Status: Offline
Points: 9844 		Post Options Post Options   Thanks (0) Thanks(0)   Quote WebWiz-Bruce Quote  Post ReplyReply Direct Link To This Post Posted: 03 January 2008 at 12:10pm
This will be looked into.

For the moment you can always use the 'Subscription' tab in the 'Members Control Panel' and see what Topics and Forums the users is subscribed to and remove any subscriptions that you do not want this user to receive.
Web Wiz Forums Hosting
ASP.NET Web Hosting
Back to Top
Nick-V View Drop Down
Senior Member
Senior Member


Joined: 26 October 2002
Location: United Kingdom
Status: Offline
Points: 319 		Post Options Post Options   Thanks (0) Thanks(0)   Quote Nick-V Quote  Post ReplyReply Direct Link To This Post Posted: 03 January 2008 at 12:38pm
Thanks Borg.
 
Yes for now, we will check manually forum and topic subscriptions too for any member downgraded from a private area.
Back to Top
 Post Reply Post Reply

Forum Jump Forum Permissions View Drop Down

Forum Software by Web Wiz Forums® version 12.08
Copyright ©2001-2026 Web Wiz Ltd.

Become a Fan on Facebook Follow us on X Connect with us on LinkedIn Web Wiz Blogs
About Web Wiz | Contact Web Wiz | Terms & Conditions | Cookies | Privacy Notice

Web Wiz is the trading name of Web Wiz Ltd. Company registration No. 05977755. Registered in England and Wales.
Registered office: Web Wiz Ltd, Unit 18, The Glenmore Centre, Fancy Road, Poole, Dorset, BH12 4FB, UK.

Prices exclude VAT at 20% unless otherwise stated. VAT No. GB988999105 - $, € prices shown as a guideline only.

Copyright ©2001-2026 Web Wiz Ltd. All rights reserved.