close ad
WARNING: Do Not Install the DREAMWEAVER CC 2017 or 2018 Update »
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

order.php exposed to web

Thread began 6/10/2010 12:06 pm by ess408951 | Last modified 6/10/2010 12:13 pm by Ray Borduin | 1389 views | 1 replies |

ess408951

order.php exposed to web

A client using your cart extensions is having an intresting issue.
The client was Googling her name and something she had ordered came up.

The code that was associated with the page was;

orders.php?pageNum_rsOrders=1&totalRows_rsOrders=585

Armed with this piece of code I was able to see all of the old orders out on the system.
We deleted the history so the problem went away but I can see this being an issue in
the future.

This version of your extensions we are told is approximately 8 years old. If we
upgrade to you new dynamic suite will this problem be rectified.

Thanks

Sign in to reply to this post

Ray BorduinWebAssist

The problem isn't with the extension. It is with the implementation. No code is inherently secured. It looks like they ran DataAssist to create a display of orders. The page does just that. If you want to secure that page, you need to provide a login page in order to have the opportunity to add security.

In order to correct this problem you could buy Security Assist and use that wizard to create a login page. Then add security to the administrative orders section that you curently have found is exposed (and to every other page that shouldn't be publicly viewable).

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...