disable login/logout pages in the URL when option to disable set

juan.p
57.8% (Neutral)
YAF Forumling Topic Starter

13 years ago

I have the login/logout of YAF disabled, however I noticed that I can enter the direct URL to get to the login/logout pages. I'd think this maybe a security issue.

I'm not sure if YAF's infrastructure can support this, but would it be possible to filter/deny, redirection to a URL if the option is 'turned off' (whatever option that may be). I'm not overly familiar with this part of the YAF code, but I see it takes a url parameter with the control name to load i.e. "?pagename" (something along these lines) Perhaps this be filtered? Or would there still be a manner to get around this and get to the page?

I just realized I never verified if that page/control still works when the option is turned off, so maybe it is not a concern.

For now, I will just delete the pages I don't use from YAF "to be 100% sure" no one can manipulate the system to get to them.

Sponsor

Wanna join the discussion?! Login to your YAF.NET Support Forum forum account or Register a new forum account

mddubs
100% (Exalted)
YAF Developer

13 years ago

You can rename pages to '.na' instead of deleting them. You should do this with the '\install\default.aspx' page also.

www.bunkerhollow.com | www.careercomputing.com
When I post fp:mddubs in a topic, I'm leaving my footprint there so I can track it once I get into coding/supporting. (Yes I stole this off Mek 🙂, who stole this off Ederon 🙂 )

Important Information:

The YAF.NET Support Forum uses cookies. By continuing to browse this site, you are agreeing to our use of cookies. More Details Close