3
Vote

Contact/email a friend xml output

description

Is it possible to give users the option to either choose the name and directory that the log files are stored, or if not have them moved to a more secure directory.
 
At present anyone with a site based on CWS can go to www.mysite.com/data/contact_form.xml or www.mysite.com/data/email_a_friend_form.xml and view the data that has been collected for that site, which contains private email address details etc.
 
Hope that makes sense and if i can be of any help let me know
 
Cheers
Hywel

comments

skaue wrote Aug 27, 2010 at 9:02 AM

I have been thinking the same. Right now the code has to be manually edited to point to a different more secure location and also make sure the appropriate service users have required access to that location.

warrenbuckley wrote Aug 27, 2010 at 9:52 AM

Hiya,
Would changing the file extension to .config files be ok of a solution, as I think IIS does not serve up *.config files. Do you know if this is right?
If so that would be the easiest way to solve this :)

What folders/paths are secure that they can be moved to?
Warren :)

Hywel wrote Aug 28, 2010 at 1:02 PM

Also been looking at this recently as well, and was thinking could an "if" statement be added so that if the logs are of 5 days for example old they are deleted and the process starts again, sort of an automated clean up

Sign in to add a comment or to set email notifications