1b.app

Confidential information in the public domain

Accounts and invoices, with nomenclature, amounts, and the phone numbers and emails of counterparties, are available via direct links without authorization.
And this is the case for all your clients; it can be pulled out by elementary enumeration.
https://prnt.sc/w7wt3q

Answers:

1. File confidentiality is configured in the admin panel by enabling the setting that makes a file unavailable without authorization.
2. Access to folders on the server is also limited by the server settings themselves.
3. The files you refer to are temporary and are deleted by cron after a while.
22.12.2020, 20:36

You have the entire application in the web directory. It is unacceptable.
In the project that I am running, nothing is deleted by cron; I clean it up myself by hand as the space runs out. For example, the media/documents folder - all accounts are there.
23.12.2020, 10:15


Vladimir Bely wrote:
You have the entire application in the web directory. It is unacceptable.

What exactly do you not like?

Vladimir Bely wrote:
In the project that I am running, nothing is deleted by cron; I clean it up myself by hand as the space runs out. For example, the media/documents folder - all accounts are there.

It is not clear what project we are talking about and what version is there.
23.12.2020, 13:05
