Jump to content
Tribble

Addon Developer requesting FTP/Backoffice access

Recommended Posts

I paid for an Addon last week that's got some massive security holes (like showing my customers other customers email addresses!) and they've asked for FTP and Backoffice access to investigate. Given that all I know about them is their username, and the fact that they've created something with dubious security, I'm understandably reticent to give them my access credentials.

Is this normal practice?

Share this post


Link to post
Share on other sites

Hi,

  1. what is the module in question?
  2. how did you find these security holes?
  3. Yes it's normal

Share this post


Link to post
Share on other sites

Thanks, that's reassuring.

It's SPM Product, Shop Reviews, Reminder, Profile, Rich Snippets Module

A customer alerted me that when she tried to add a product review, it was showing other people's names and email addresses. Plus when you click the reviewer's name on the review, it shows their full name and postcode, which is not on, with no obvious way to remove this other than disabling user profiles, which is not ideal.

 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...

Important Information

Cookies ensure the smooth running of our services. Using these, you accept the use of cookies. Learn More