John: you have a critical integrity/security issue, nfp.
There is a critical information security integrity issue with 2.0's commenting implementation: Comment editing for the comment receiver is turned on.
There is probably a very easy sitewide on-off switch solution on your admin console side for this.
Proof of concept here: http://notforprophet.xanga.com/2013/09/08/7974/#comments
- nfp
1 Answer
best answer
I caught that, too. It seems like this Super Admin functionality was inherited through all Xanga users. The good thing is you can only edit comments made on your posts.
Technically, this is not an issue. From a site owner's perspective, I should be able to edit and/or redact comments from people under my discretion. I can see that being abused, however.