Thursday, March 29, 2012

JomSocial Album Privacy Issues

Hi,

I was working with JomSocial and I found some interesting (read: ridiculous) things regarding JomSocial. Here they are:

1. Even if you set a video's view privacy to 'Only me', anyone can view, rate and comment on it if they just know the URL; the URL could also have been indexed by a search engine.
2. Same issue with albums.
3. But here is what was most amazing: if you are viewing someone else's album, whether you have rights to view it or you don't have rights and have reached it through the URL, you can change their album covers and even DELETE PICTURES. Yes, literally delete pictures. Go try it yourself.




I don't know how it hasn't been noticed so far, or if it is supposed to be a feature, which clearly it shouldn't be. Maybe they have fixed it in 2.6; otherwise let's hope they do so soon, as I have checked in 2.2 and 2.4 and it's in both.
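
The three issues above share one root cause: the privacy setting is not checked on the server for each action. The following is an added example, not JomSocial code; every name, constant and data shape in it is hypothetical. It sketches a single server-side gate that ties read actions to the privacy level and write actions to ownership.

```php
<?php
declare(strict_types=1);

// Hypothetical privacy levels and data shapes, constructed for this example.
const PUBLIC_ACCESS = 0;
const MEMBERS = 1;
const FRIENDS = 2;
const ONLY_ME = 3;

/** Read actions (view, rate, comment): decided by the album's privacy level. */
function canRead(?int $userId, array $album, array $friendsOfOwner): bool
{
    if ($userId !== null && $userId === $album['owner']) {
        return true;
    }
    switch ($album['privacy']) {
        case PUBLIC_ACCESS: return true;
        case MEMBERS:       return $userId !== null;
        case FRIENDS:       return $userId !== null && in_array($userId, $friendsOfOwner, true);
        default:            return false; // ONLY_ME and unknown values fail closed
    }
}

/** Write actions (set cover, delete photo): owner only, whatever the privacy level. */
function canModify(?int $userId, array $album): bool
{
    return $userId !== null && $userId === $album['owner'];
}

/** Single gate every controller action calls before touching the album. */
function authorize(string $action, ?int $userId, array $album, array $friends): bool
{
    if (in_array($action, ['view', 'rate', 'comment'], true)) {
        return canRead($userId, $album, $friends);
    }
    if (in_array($action, ['setCover', 'deletePhoto'], true)) {
        return canModify($userId, $album);
    }
    return false; // unknown action: deny
}

// Constructed sample: user 7 owns an 'Only me' album; user 9 is a friend who knows the URL.
$album = ['id' => 12, 'owner' => 7, 'privacy' => ONLY_ME];
foreach (['view', 'comment', 'setCover', 'deletePhoto'] as $action) {
    printf("%-11s owner=%s friend=%s guest=%s\n", $action,
        var_export(authorize($action, 7, $album, [9]), true),
        var_export(authorize($action, 9, $album, [9]), true),
        var_export(authorize($action, null, $album, [9]), true));
}
```

With the sample album, every action prints `true` for the owner and `false` for the friend and the guest, regardless of whether they reached the album by its URL.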

1 comment:

  1. I have privacy issues too. If a user creates an event and sets it as private, everyone still sees the event on their wall. Ain't user-created events supposed to be for users and their friends alone?
