Searching and Security

Discussion regarding Joomla! security issues.

Moderator: General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Security Checklist
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Locked
bhlang

Searching and Security

Post by bhlang » Fri Oct 07, 2005 4:47 pm

Hello everyone.

I have a Joomla site set up on an intranet. At this time it's got a very small base of information in it before I turn it over to the end-users.
I did a test this morning of the security and ran into a potentially serious issue:

When performing a Search of the system on a term that I knew was in a "Registered" section, I received in my search results the document in question. Then I realized that I was *not* logged in. I could not access the document, but on the search page, the first few lines of the document were visible.


Never mind, I found my problem:
The section was set to Registered, but the document(s) in it were Public. Once the documents were set to Registered, the problem went away.

I am still posting this for future reference.

Perhaps the developers should ensure that documents in registered sections do not show on search results even if they are public???

Locked

Return to “Security - 1.0.x”