• 7 followers

Comments visibility - privacy breach

So, here we are: 

1. User Admin created Friends_Only  discussion named "Lock" (pic bbb)

2. User Vavilon (friend of Admin) put comment on there (pic ccc)

3. user Coup ( who IS friend of Vavilon, but  IS NOT FRIEND of Admin) received to his email notification that friend Vavilon posted comments in Admin's discussion (which is not OK for me, I don't want my friends to know ALL my  interactions with other friends ) (pic ddd) 

4. user Coup going by link and CAN SEE   comment of user Vavilon (who is friend of user Coup) to user Admin (who is not friend of user Coup) in Freinds_Only content (wich is not OK - twice)

5. user Coup can copy link from email notification and spred it over the www because everybody with this link can see the comment of Vavilon to Admin, even unauthenticated persons (pic eee) ((wich is not OK - triple)

 

Guys, IMHO, it's serious security  issue,  positions 3-4-5 needs to be closed. (Can we stop position 3 in Notifications checkboxes? which one?)

Thanx in advance.

  • 124
Attachments
3
1
2
Added:
Category: