Hi Brajesh, I have discovered that anyone can access any BP content, without even being logged in, e.g. the members directory can be accessed by typing domain/members and even a members profile can be accessed by not registered users by typing domain/members/profile
I’m really surprised, is this security breach really the way BP is intended to work?
I remember to have seen some code to prevent non logged in users to access BP content, by changing the url but I cant remember where, was it at Buddydev?
what is the best way of preventing this is happening?
You must be logged in to reply to this topic.