Hi,
Is it normal that any user on our website can go in a user’s profile and copy the photos that are in that profile and keep them on their desktop in their computer
…I’ll explain how this is done and you’ll see that it’s very easy…We tested it after one of our users advised us…
All a user has to do is access another user’s profile ( go IN the profile ), click on a photo with the left button of his computer mouse and drag the chosen photo on their desktop…A file will appear on their desktop and then they open the file and the photo appears copied…Users who do this can then use the copied photo as they wish…
Admins, Try this on your websites…We visited and tested a few other websites who have the skadate module and with no problem whatsoever copied photos from user profiles as explained higher…We even tested this with the skadate Demo…Of course we deleted those photos afterwards BUT a user who has bad intentions can keep them in his computer and do what he wants with them…I don’t think this is normal for security reasons…Users upload photos on our websites thinking they are safe and they are NOT !
We visited and tested other websites who are NOT clients of skadate ( who have other modules then skadate ) and yes you can drag and drop a photo from profiles as explained higher BUT when we open the file on the desktop, all that appears on some websites we visited is the front page of their website where we have to write our username and password AND NOT THE PHOTO and on other websites all that appears is a blank page…This is how it should be…
We work with skadate to have better security for the users by eliminating security flaws…What we just discovered should be corrected as soon as possible and this without waiting for the next version…The integrity of our website is very important to us and this is something that could ruin it…I don’t think anyone wants that for their website ??
Thanks,
Zeusss
