CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017.



  • CiviCRM Community Forums (archive) »
  • Old sections (read-only, deprecated) »
  • Support »
  • Using CiviCRM »
  • Using Profiles (Moderator: Dave Greenberg) »
  • Security Issue with CiviCRM

Author Topic: Security Issue with CiviCRM  (Read 1666 times)

natalievl

Security Issue with CiviCRM
November 15, 2009, 09:20:34 pm
Hi,

We are currently customising the search profiles that we are using in CiviCRM. When the field in the profile is set to 'User and User Admin Only', the field is not displayed in the search results when we select the custom profile in the "Search Views" drop down list.

How do we enable this field in the search results, so it appears to Admin Only without making our database available to our other users and vulnerable to hacking?

We are operating Version 2.2.8 under Drupal.

Looking forward to hearing from someone.

Natalie.

xavier

Re: Security Issue with CiviCRM
November 16, 2009, 12:21:45 am
Hi,

Unfortunately, the level of access and where the field is displayed are (IMO wrongly) linked.

So you can't let the admin have the field in a column of the search results without making it visible to everyone, as far as I can see.

Haven't tested if this is only a UI issue in the admin interface or more complex than that.

X+

Donald Lobo

Re: Security Issue with CiviCRM
November 16, 2009, 06:41:17 am

This is only a UI issue. Ensure that your profile "used for" setting is for "Search Results" only. In this case it's not exposed to civicrm/profile.

lobo

natalievl

Re: Security Issue with CiviCRM
November 16, 2009, 06:01:41 pm
Thanks so much for your responses!

Does this then mean that our database will only be accessible by admin users? We definitely do not want guests or site users to be able to view any of our database.

Thanks,

Natalie.

Donald Lobo

Re: Security Issue with CiviCRM
November 16, 2009, 07:04:29 pm

Yes, but there are a lot of factors involved with what's exposed and what is not. Specifically, "profiles" are meant to expose data to guests/site-users etc. You'll need to ensure those are turned off.

lobo

Muhammad Asim Dewan

  • Guest
Re: Security Issue with CiviCRM
November 20, 2009, 03:07:59 am
But if we turned off the assurance of making profile to be shown to visitors, to view its fields for admin only, then how can we use this profile to get data from visitors? As this profile is shown to admin only.

Donald Lobo

Re: Security Issue with CiviCRM
November 20, 2009, 06:12:55 am

Please create a new topic for your questions. The original poster's question was regarding search profiles.

lobo


This forum was archived on 2017-11-26.