Jump to content


Photo

Deny anonymous access to calendar


  • Please log in to reply
2 replies to this topic

#1 alt_f4

alt_f4

    Advanced Member

  • Premium Members
  • PipPipPip
  • 387 posts
  • LocationGermany

Posted 16 November 2020 - 06:08 AM

Hello,
 
I just discovered that you can access users' calendars without logging in.
 
.../index.php/calendar/appointment?user=1&id=1
 
So everybody from the internet is able to see confidential information?
 
 
How can I deactivate this?
 
 
 
Thanks & regards!


#2 alt_f4

alt_f4

    Advanced Member

  • Premium Members
  • PipPipPip
  • 387 posts
  • LocationGermany

Posted 16 November 2020 - 08:31 AM

For security resons and as a quick fix, I´ve made a new line in .htaccess

RewriteCond %{REQUEST_URI} appointment
RewriteRule .*? - [F]


#3 jack

jack

    Admin

  • Administrators
  • 61 posts

Posted 17 November 2020 - 12:23 PM

Thanks for the info.
I will look into this.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users