Currently the default method has any uploaded resume stored in the
wp-content/uploads/ folder. This is too common and insecure. This allows anyone
with a browser the ability to look through this folder. Also, unless actions
are taken such as robots.txt file, and .htaccess directives, google and other
search engines will index files found here. This opens up privacy issues for
companies using this plugin where there applicants resume info is searchable on
google.
Solution: in admin settings allow admin to choose the folder path for storing
uploads from the job manager listings. They can create a folder via FTP
anywhere in the public_html space and designate that as the storage folder for
Job Manager files. Also, to make it EXTRA secure, enable the use of
/home/~user/... server paths where knowledgeable admins can designate a folder
outside of public_html.
Original issue reported on code.google.com by keenan.f...@gmail.com on 29 Jan 2013 at 10:07
Original issue reported on code.google.com by
keenan.f...@gmail.comon 29 Jan 2013 at 10:07