alt_f4 53 Posted November 16, 2020 Report Share Posted November 16, 2020 Hello, I just discovered that you can access users' calendars without logging in. .../index.php/calendar/appointment?user=1&id=1 So everybody from the internet is able to see confidential information? How can I deactivate this? Thanks & regards! Quote Link to post Share on other sites
alt_f4 53 Posted November 16, 2020 Author Report Share Posted November 16, 2020 For security resons and as a quick fix, I´ve made a new line in .htaccess RewriteCond %{REQUEST_URI} appointment RewriteRule .*? - [F] Quote Link to post Share on other sites
jack 7 Posted November 17, 2020 Report Share Posted November 17, 2020 Thanks for the info.I will look into this. Quote Link to post Share on other sites
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.