User doesn't need to be logged in to view user profiles.

PHSCDC / itocdc-2015-www

An insecure PHP web app for the Iowa State University 2015 IT Olympics Cyber Defense Competition (ITOCDC)

MIT License

0 stars 1 forks source link

Closed jummy0 closed 9 years ago

jummy0 commented 9 years ago

User profile pages are viewable by anybody, regardless of whether or not the viewer is logged in.

ngiddings commented 9 years ago

This, along with other issues, may be fixed by my new authentication system. Testing will prove this, but for now we can consider it done.

Let's not close the issue until it's proven fixed.

ngiddings commented 9 years ago

A subset of user information is public, namely posted videos. It's things like contact info that must be kept private.