• juan.p
• YAF Forumling Topic Starter
13 years ago
I have the login/logout of YAF disabled, however I noticed that I can enter the direct URL to get to the login/logout pages. I'd think this maybe a security issue.

I'm not sure if YAF's infrastructure can support this, but would it be possible to filter/deny, redirection to a URL if the option is 'turned off' (whatever option that may be). I'm not overly familiar with this part of the YAF code, but I see it takes a url parameter with the control name to load i.e. "?pagename" (something along these lines) Perhaps this be filtered? Or would there still be a manner to get around this and get to the page?

I just realized I never verified if that page/control still works when the option is turned off, so maybe it is not a concern.

For now, I will just delete the pages I don't use from YAF "to be 100% sure" no one can manipulate the system to get to them.

• mddubs
• YAF Developer
13 years ago
You can rename pages to '.na' instead of deleting them. You should do this with the '\install\default.aspx' page also.

www.bunkerhollow.com  | www.careercomputing.com
When I post fp:mddubs in a topic, I'm leaving my footprint there so I can track it once I get into coding/supporting. (Yes I stole this off Mek 🙂, who stole this off Ederon 🙂 )