Tribble Posted June 29, 2020 Share Posted June 29, 2020 I paid for an Addon last week that's got some massive security holes (like showing my customers other customers email addresses!) and they've asked for FTP and Backoffice access to investigate. Given that all I know about them is their username, and the fact that they've created something with dubious security, I'm understandably reticent to give them my access credentials. Is this normal practice? Link to comment Share on other sites More sharing options...
coeos.pro Posted June 29, 2020 Share Posted June 29, 2020 Hi, what is the module in question? how did you find these security holes? Yes it's normal Link to comment Share on other sites More sharing options...
Tribble Posted June 29, 2020 Author Share Posted June 29, 2020 Thanks, that's reassuring. It's SPM Product, Shop Reviews, Reminder, Profile, Rich Snippets Module A customer alerted me that when she tried to add a product review, it was showing other people's names and email addresses. Plus when you click the reviewer's name on the review, it shows their full name and postcode, which is not on, with no obvious way to remove this other than disabling user profiles, which is not ideal. Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now