wpsharks / comment-mail

A WordPress plugin enabling email subscriptions for comments.
http://comment-mail.com
GNU General Public License v3.0

Possible emails leak on StCR Import log #341

Open IvanRF opened 7 years ago

IvanRF commented 7 years ago

By chance I found this log file in the plugin folder: stcr-import-failures.log. The issue is that it includes all the emails from users (which failed in the import process) in plain text and in a fixed/static path. It seems too easy to check for the bad guys; maybe adding some random text to the filename of the log could be enough.

raamdev commented 7 years ago

@IvanRF Thank you very much for the feedback. You're correct, that could definitely use some improvement to improve security. I'll get this fixed for the next release.
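The report above describes two separate weaknesses: the log sits at a predictable, web-reachable path, and its contents are plaintext addresses. The following is an added illustration, not code from the comment-mail plugin, of how a WordPress plugin can address both at once. It assumes it runs inside WordPress (so `wp_upload_dir()`, `wp_mkdir_p()`, `wp_generate_password()`, `trailingslashit()` and the options API are available); the option name `cm_import_log_name`, the directory `cm-import-logs` and the function names are hypothetical.

```php
<?php
// Added example (not the plugin's own code). Assumes a WordPress runtime.
// Option name, directory name and function names are hypothetical placeholders.

// Return the path of the import-failure log. The file lives in its own
// directory under uploads, its name is a random secret kept in the options
// table, and the directory carries guards against direct HTTP access.
function cm_get_import_log_path() {
    $dir = trailingslashit( wp_upload_dir()['basedir'] ) . 'cm-import-logs';
    if ( ! is_dir( $dir ) ) {
        wp_mkdir_p( $dir );
        // Apache: refuse every direct request for files in this directory
        // (2.4 syntax first, 2.2 fallback).
        $htaccess = "<IfModule mod_authz_core.c>\nRequire all denied\n</IfModule>\n"
                  . "<IfModule !mod_authz_core.c>\nDeny from all\n</IfModule>\n";
        file_put_contents( $dir . '/.htaccess', $htaccess );
        // Stop directory listings where .htaccess is ignored.
        file_put_contents( $dir . '/index.php', "<?php // Silence is golden.\n" );
    }
    $name = get_option( 'cm_import_log_name' );
    if ( ! $name ) {
        // 32 random alphanumeric characters: the file name is unguessable,
        // unlike the static stcr-import-failures.log reported in the issue.
        $name = 'import-failures-' . wp_generate_password( 32, false ) . '.log';
        update_option( 'cm_import_log_name', $name, false ); // not autoloaded
    }
    return $dir . '/' . $name;
}

// Reduce what a leaked line would reveal: keep the first character and the
// domain so an admin can still recognise the record ("j***@example.com").
function cm_mask_email( $email ) {
    $at = strrpos( $email, '@' );
    if ( $at === false ) {
        return '***';
    }
    return substr( $email, 0, 1 ) . '***' . substr( $email, $at );
}

// Append one failure record; the file is readable by the PHP process only.
function cm_log_import_failure( $email, $reason ) {
    $path = cm_get_import_log_path();
    $line = sprintf( "[%s] %s: %s\n", gmdate( 'c' ), cm_mask_email( $email ), $reason );
    file_put_contents( $path, $line, FILE_APPEND | LOCK_EX );
    @chmod( $path, 0600 );
}

// Constructed sample call, as an import routine might make it on failure.
cm_log_import_failure( 'jane.doe@example.com', 'subscription already exists' );
```

Two caveats a practitioner would weigh: nginx does not read `.htaccess`, so the uploads subdirectory needs an equivalent `location` block that returns 403 (or the log should be written outside the document root), and masking the address means the log alone cannot be used to retry the failed imports; if that capability matters, record failures in a plugin database table that only privileged admin pages can read rather than in a file at all.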