http://help.xanga.com/ Xanga Help Topic: John: you have a critical integrity/security issue, nfp. en Sat, 09 May 2026 03:30:23 +0000 http://help.xanga.com/topic/john-you-have-a-critical-integrity-issue-nfp?post_id=1610#post-1610 Sun, 08 Sep 2013 15:24:42 +0000 StupidSystemus 1610@http://help.xanga.com/ <p>I caught that, too. It seems like this Super Admin functionality was inherited through all Xanga users. The good thing is you can only edit comments made on your posts.</p> <p>Technically, this is not an issue. From a site owner's perspective, I should be able to edit and/or redact comments from people under my discretion. I can see that being abused, however. </p> http://help.xanga.com/topic/john-you-have-a-critical-integrity-issue-nfp?post_id=1600#post-1600 Sun, 08 Sep 2013 10:56:30 +0000 notforprophet 1600@http://help.xanga.com/ <p>There is a critical information security integrity issue with 2.0's commenting implementation: Comment editing for the comment receiver is turned on.</p> <p>There is probably a very easy sitewide on-off switch solution on your admin console side for this.</p> <p>Proof of concept here: <a href="http://notforprophet.xanga.com/2013/09/08/7974/#comments" rel="nofollow">http://notforprophet.xanga.com/2013/09/08/7974/#comments</a></p> <p> - nfp </p>