CiviCRM Community Forums (archive)


This forum was archived on 25 November 2017. Learn more.




Author Topic: Security/privacy issues using Profile  (Read 825 times)

petednz

Security/privacy issues using Profile
March 13, 2009, 12:47:38 pm
Hi - we have a profile that is used for Register/Edit User. It includes the Current Employer, and that field is set to be 'In Selector' and is 'Public User Pages and Listings' but is not 'Searchable' and is checked for 'Results Column' - and while I may not have the config quite correct, it does what I hoped, i.e. an authorised user can go to their My Account, will see their company as a blue link, and can click on this and get a list of other employees (but gets the message "No fields in this Profile have been configured as searchable. Ask the site administrator to check the Profile setup", which we will need to hack to hide if we don't want it, I presume).

Anyhow, the thing is that the URL for the result is

/civicrm/profile?reset=1&force=1&gid=2&current_employer=<name of company>.

so it doesn't take much to realise that if you substitute another company name in the URL you might be able to see their list too (which may not be a huge issue in our case, but doesn't look good).

So any thoughts on how I set this up, and/or whether the URL can be coded somehow so it isn't so obvious?

(Hope I explained that clearly enough)

pete davis : www.fuzion.co.nz : connect + campaign + communicate

Donald Lobo

Re: Security/privacy issues using Profile
March 13, 2009, 01:11:14 pm

Not a config option currently. You can try to simulate a post via JavaScript and hide that in the post packet, but that will require changing some code (and templates).

lobo
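
Added example (not part of the original thread, and not CiviCRM code): one way to handle the substitution petednz describes is to check the current_employer value on the server against the logged-in contact's own employer, a check that applies whether the value arrives in the URL or in a POST body. The function name, the $mayListAny flag and the company names are assumptions made for illustration.

```php
<?php
// Added example, not CiviCRM code: every function name here is hypothetical.

/**
 * Return the employer name a profile listing may be filtered on.
 * $params is client-controlled whether it arrived by GET or POST;
 * $viewerEmployer must come from the logged-in contact's own record.
 */
function allowed_employer_filter(array $params, ?string $viewerEmployer, bool $mayListAny = false): string
{
    $requested = $params['current_employer'] ?? '';
    if (!is_string($requested)) {           // e.g. current_employer[]=x
        throw new InvalidArgumentException('current_employer must be a string');
    }
    $requested = trim($requested);

    if ($mayListAny && $requested !== '') {
        return $requested;                  // assumed staff role may list any employer
    }
    if ($viewerEmployer === null || $viewerEmployer === '') {
        throw new RuntimeException('viewer has no employer on record');
    }
    if ($requested !== '' && $requested !== $viewerEmployer) {
        throw new RuntimeException('requested employer is not the viewer\'s employer');
    }
    return $viewerEmployer;                 // the filter value always comes from the server side
}

// Constructed requests in the URL shape quoted in the thread; the viewer works for "Acme Ltd".
$requests = [
    '/civicrm/profile?reset=1&force=1&gid=2&current_employer=Acme+Ltd',
    '/civicrm/profile?reset=1&force=1&gid=2&current_employer=Other+Co',
    '/civicrm/profile?reset=1&force=1&gid=2',
];
foreach ($requests as $url) {
    parse_str((string) parse_url($url, PHP_URL_QUERY), $params);
    try {
        $filter = allowed_employer_filter($params, 'Acme Ltd');
        echo "$url => list employees of \"$filter\"\n";
    } catch (RuntimeException $e) {
        // A refused request is worth logging: it shows someone edited the parameter.
        error_log('profile listing refused: ' . $e->getMessage() . " ($url)");
        echo "$url => refused\n";
    }
}
```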

This forum was archived on 2017-11-26.