• juan.p
  • 57.8% (Neutral)
  • YAF Forumling Topic Starter
13 years ago
I have the login/logout of YAF disabled, however I noticed that I can enter the direct URL to get to the login/logout pages. I'd think this may be a security issue.

I'm not sure if YAF's infrastructure can support this, but would it be possible to filter/deny redirection to a URL if the option is 'turned off' (whatever option that may be)? I'm not overly familiar with this part of the YAF code, but I see it takes a URL parameter with the control name to load, i.e. "?pagename" (something along these lines). Perhaps this could be filtered? Or would there still be a manner to get around this and get to the page?

I just realized I never verified if that page/control still works when the option is turned off, so maybe it is not a concern.

For now, I will just delete the pages I don't use from YAF "to be 100% sure" no one can manipulate the system to get to them.

  • mddubs
  • 100% (Exalted)
  • YAF Developer
13 years ago
You can rename pages to '.na' instead of deleting them. You should do this with the '\install\default.aspx' page also.
www.bunkerhollow.com  | www.careercomputing.com 
When I post fp:mddubs in a topic, I'm leaving my footprint there so I can track it once I get into coding/supporting. (Yes I stole this off Mek 🙂, who stole this off Ederon 🙂 )