Searching and Security

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.

Searching and Security

Post by bhlang » Fri Oct 07, 2005 4:47 pm

Hello everyone.

I have a Joomla site set up on an intranet. At this time it's got a very small base of information in it before I turn it over to the end-users.
I did a test this morning of the security and ran into a potentially serious issue:

When performing a Search of the system on a term that I knew was in a "Registered" section, I received in my search results the document in question. Then I realized that I was *not* logged in. I could not access the document, but on the search page, the first few lines of the document were visible.

Never mind, I found my problem:
The section was set to Registered, but the document(s) in it were Public. Once the documents were set to Registered, the problem went away.

I am still posting this for future reference.

Perhaps the developers should ensure that documents in registered sections do not show on search results even if they are public???


Return to “Security - 1.0.x”