[wp-trac] [WordPress Trac] #44230: Export Personal Data Flaw
WordPress Trac
noreply at wordpress.org
Thu Jun 7 13:42:44 UTC 2018
#44230: Export Personal Data Flaw
--------------------------+------------------------------
Reporter: psycleuk | Owner: (none)
Type: defect (bug) | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Privacy | Version: 4.9.6
Severity: major | Resolution:
Keywords: | Focuses:
--------------------------+------------------------------
Changes (by psycleuk):
* keywords: reporter-feedback =>
Comment:
Missed removing the reporter-feedback keyword on my previous comments.
Again, i reiterate my point that security by obscurity is not secure. The
current implementation has no ACL on who can download the created zip
file, which it should be only the user that the data is about and they
should have to login to get access to it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/44230#comment:5>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list