How can I prevent direct access to a /component/my_compoennt/asfasdfa file?

This forum is for general questions about extensions for Joomla! 3.x.

Moderators: pe7er, General Support Moderators

Forum rules
Forum Rules
Absolute Beginner's Guide to Joomla! <-- please read before posting, this means YOU.
Forum Post Assistant - If you are serious about wanting help, you will use this tool to help you post.
Post Reply
YoKoGFX
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Sat Nov 04, 2017 2:24 pm

How can I prevent direct access to a /component/my_compoennt/asfasdfa file?

Post by YoKoGFX » Tue Feb 20, 2018 4:46 pm

Hello,

we are currently having a problem with our Component, it can be accessed directly. This means you can see how many people booked on our website and what.

Example:
/component/ohanah/?view=ticket&

is the URL that should not be accessed but if /component/ohanah/?view=ticket&uuid=censored-censored-censored-censored-censored

is entered it should work.

This issue exist with all urls in the /component/ folder of the Component we bought and we need to fix this ASAP.


How can I accomplish this?
Last edited by toivo on Tue Feb 20, 2018 5:09 pm, edited 1 time in total.
Reason: mod note: moved from 3.x Security

User avatar
toivo
Joomla! Exemplar
Joomla! Exemplar
Posts: 9702
Joined: Thu Feb 15, 2007 5:48 am
Location: Oxford, UK
Contact:

Re: How can I prevent direct access to a /component/my_compoennt/asfasdfa file?

Post by toivo » Tue Feb 20, 2018 5:12 pm

Have you contacted the supplier of this paid extension for support?
Toivo Talikka, Global Moderator
my first programs were assembled and run in 16KB :)
troubleshooting smtp and other articles https://talikka.com/joomla

User avatar
brian
Joomla! Master
Joomla! Master
Posts: 11715
Joined: Fri Aug 12, 2005 7:19 am
Location: Leeds, UK
Contact:

Re: How can I prevent direct access to a /component/my_compoennt/asfasdfa file?

Post by brian » Tue Feb 20, 2018 6:28 pm

ouch thats a really nasty security issue
"Exploited yesterday... Hacked tomorrow"
Blog http://brian.teeman.net/
Joomla Hidden Secrets http://hiddenjoomlasecrets.com/


Post Reply

Return to “Extensions for Joomla! 3.x”