
Puffbox

Simon Dickson's gov-tech blog, active 2005-14. Because permalinks.

  • 4 Feb 2007
    Uncategorised

    Security hole in LibDems' online manifesto site

    Looks like something interesting coming out of Cowley Street: ‘For the next election the Liberal Democrats will produce a web-based interactive manifesto, which will use audio-visual communications as its centrepiece rather than the written word.’ Makes a lot of sense… I mean, did you ever read a printed manifesto? It’s party members only, but a quick glance at the source code shows it’s been done in WordPress 2.0.5, so you know what to expect.

    I notice, though, that there’s a bit of a security hole in it? You aren’t meant to be able to get in unless you’re a party member, but it’s possible to see the latest postings and comments via the automatically-generated RSS feeds, which are currently unsecured. You can only see the first few words of each posting, but the comments are shown in full.

    Responses

    1. Will
      4 Feb 2007

      Well spotted. The main reason for it to be behind a login is so that only members can comment, but it is intended for members only to read so I’ve now disabled the feeds.

    2. SimonD
      4 Feb 2007

      Mmm… yes, I didn’t think you’d want the debate to be too open too soon. Don’t want anyone nicking your ideas just yet, eh? 🙂
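
A way to audit your own login-gated WordPress site for the feed exposure described in the post, as an added example that is not part of the original post or its comments. The base URL, the sample responses and the `fetch` callable (which must make requests with no login cookie) are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Feed locations WordPress generates automatically: pretty permalinks,
# query-string form, and the legacy script names shipped with 2.0.x installs.
FEED_PATHS = ["/feed/", "/comments/feed/", "/?feed=rss2",
              "/?feed=comments-rss2", "/wp-rss2.php", "/wp-commentsrss2.php"]

def count_items(body):
    """Count RSS <item> / Atom <entry> elements; 0 if body is not a feed."""
    try:
        # Parsing your own site's output; use defusedxml for XML you do not control.
        root = ET.fromstring(body)
    except ET.ParseError:
        return 0
    return sum(1 for el in root.iter()
               if el.tag.rsplit("}", 1)[-1] in ("item", "entry"))

def audit_feeds(base_url, fetch):
    """fetch(url) -> (status, body), sent WITHOUT credentials.
    Returns [(path, item_count)] for feeds that serve content anonymously."""
    leaks = []
    for path in FEED_PATHS:
        status, body = fetch(base_url.rstrip("/") + path)
        if status != 200:
            continue  # redirect to login, 403 or 404: nothing served
        n = count_items(body)
        if n:  # a 200 login page parses to zero items and is ignored
            leaks.append((path, n))
    return leaks

# Constructed sample data so the example runs offline.
BASE = "https://members.example.org"
_RSS = "<rss version='2.0'><channel>%s</channel></rss>"
SAMPLE = {
    "/feed/": (200, _RSS % "<item><title>Post excerpt</title></item>"),
    "/comments/feed/": (200, _RSS % ("<item><title>c1</title></item>"
                                     "<item><title>c2</title></item>")),
    "/?feed=rss2": (302, ""),
    "/wp-rss2.php": (200, "<html><body><form>Log in</form></body></html>"),
}

def sample_fetch(url):
    return SAMPLE.get(url[len(BASE):], (404, ""))

if __name__ == "__main__":
    for path, n in audit_feeds(BASE, sample_fetch):
        print(f"anonymous feed exposed: {path} ({n} items)")
```

To run it against a real site you administer, replace `sample_fetch` with a function that performs an HTTP GET without session cookies and does not follow redirects.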
