brainwipe / lack-of

A central repository for the lack-of community
GNU General Public License v2.0

User Profiles are about as secure as a G4S Prison on High Alert #21

Closed babykaos closed 8 years ago

babykaos commented 8 years ago

You can access anyone's profile simply by going through the numbers...for example;

http://www.lack-of.org/user/2 - Brainwipe (Rob)
http://www.lack-of.org/user/5 - Me
http://www.lack-of.org/user/6 - Byrnie
http://www.lack-of.org/user/7 - Evil Matt

http://www.lack-of.org/user/1/edit - how to change the Admin password

I used this to change your Avatar a while back.

brainwipe commented 8 years ago

This is because you have administrator access. The standard and denizen users (we don't really have standard users) cannot edit other profiles. Anonymous users will see 404 not found.

I don't mind that you changed my avatar, it still makes me laugh!

Is that cool? I'd rather not take away your admin access. If you're happy, please close this one.

babykaos commented 8 years ago

Ok, I'll give you that one...didn't realise I had admin. Thought I'd cunningly hacked the system.