BuddyDev

Search

Anyone can access BP content, e.g. the directory by typing /members in url

  • Participant
    Level: Yogi
    Posts: 1117
    calu on #25671

    Hi Brajesh, I have discovered that anyone can access any BP content, without even being logged in, e.g. the members directory can be accessed by typing domain/members and even a members profile can be accessed by not registered users by typing domain/members/profile

    I’m really surprised, is this security breach really the way BP is intended to work?

    I remember to have seen some code to prevent non logged in users to access BP content, by changing the url but I cant remember where, was it at Buddydev?

    what is the best way of preventing this is happening?

    Regards
    Carsten

  • Keymaster
    (BuddyDev Team)
    Posts: 24636
    Brajesh Singh on #25682

    Hi Carsten,
    That is the default behaviour. You can stop it with a line. Or I will say, keep it as it is. within 2 weeks our access control will be available and should help you with this and more personalization.

    Regards
    Brajesh

You must be logged in to reply to this topic.

This topic is: not resolved