Incredible: CSV export without password protection!

09.02.2015 17:15
Joomshopping forum user no avatar
Name: Jens-Erik
Posts: 2
Incredible: CSV export without password protection!


After configuring our website so that the direct download of CSV and Excel files is prohibited (as there are some CSVs on our server that are used for output but should not be downloadable), I noticed that the download of teh CSV in JoomShopping didn't work any more.

The reason is that the export extension - we even paid about 20 € for that - just puts CSV files onto the server instead of creating and serving the CSVs on the fly.

That means that the CSVs can be downloaded without password protection, unless you re-configure your web server. So if you find out that JoomShopping is being used on a website, you can try if this CSV extension is installed and use the download links and get all data of the orders that are in the CSV. And that's a really bad software design!

Please change it asap!

P.S.: I am German, but I wrote in English, as there are also non German speaking users in this forum.

Joomla: 2.5.20
JoomShopping: 3.6.1
PHP: 5.2
MySQL: 5.1.73
09.02.2015 20:33
(Support Team)
User webdesigner
Name: Admin
Posts: 16103
Aw: Incredible: CSV export without password protection!

Upload .htaccess to your folder

Deny, From All



AuthName "Private zone"
AuthType Basic
AuthUserFile /{full patch}/.htpasswd
require valid-user

need create .htpasswd and upload to your server

Copyrights MAXXmarketing GmbH. All Rights Reserved