Security hole in LibDems' online manifesto site

Looks like something interesting coming out of Cowley Street: ‘For the next election the Liberal Democrats will produce a web-based interactive manifesto, which will use audio-visual communications as its centrepiece rather than the written word.’ Makes a lot of sense… I mean, did you ever read a printed manifesto? It’s party members only, but a quick glance at the source code shows it’s been done in WordPress 2.0.5, so you know what to expect.
I notice, though, that there’s a bit of a security hole in it? You aren’t meant to be able to get in unless you’re a party member, but it’s possible to see the latest postings and comments via the automatically-generated RSS feeds, which are currently unsecured. You can only see the first few words of each posting, but the comments are shown in full.
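
An added example, not part of the original post or the site's own code: a regression check a site owner could run against their own install to confirm that feeds serve nothing to a request made without a login session. The `fetch` callable, the feed paths and the sample responses are constructed assumptions, and only RSS 2.0 is handled.

```python
import xml.etree.ElementTree as ET

def exposed_items(status, body):
    """Return (title, description) pairs readable from one unauthenticated response."""
    if status != 200:
        return []                      # 401/403/404: nothing served
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return []                      # not XML, e.g. an HTML login form
    if root.tag != "rss":
        return []                      # well-formed XHTML login page, not a feed
    return [(i.findtext("title", ""), i.findtext("description", ""))
            for i in root.findall("./channel/item")]

def audit(fetch, paths):
    """fetch(path) -> (status, body), called with no session cookie.
    Returns {path: items} for every feed that leaks content."""
    findings = {}
    for path in paths:
        items = exposed_items(*fetch(path))
        if items:
            findings[path] = items
    return findings

# --- constructed sample data, not captured from any real site ---
FEED_PATHS = ["/feed/", "/comments/feed/"]   # assumed paths; use your own
POSTS = """<rss version="2.0"><channel><title>Members</title>
<item><title>Draft policy</title><description>We propose to [...]</description></item>
</channel></rss>"""
COMMENTS = """<rss version="2.0"><channel><title>Comments</title>
<item><title>by A. Member</title><description>Full text of a member's comment.</description></item>
</channel></rss>"""
LOGIN = "<html><body><form action='login'>Password:&nbsp;<input></form></body></html>"

UNGATED = {"/feed/": (200, POSTS), "/comments/feed/": (200, COMMENTS)}
GATED = {"/feed/": (200, LOGIN), "/comments/feed/": (403, "")}

def fetch_ungated(path): return UNGATED[path]
def fetch_gated(path): return GATED[path]

if __name__ == "__main__":
    for name, fetch in (("ungated", fetch_ungated), ("gated", fetch_gated)):
        print(name, audit(fetch, FEED_PATHS))
```

In real use, `fetch` would wrap an HTTP client that sends no cookies, and a non-empty result should fail the deployment check.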

2 thoughts on “Security hole in LibDems' online manifesto site”

  1. Well spotted. The main reason for it to be behind a login is so that only members can comment, but it is intended for members only to read so I’ve now disabled the feeds.

  2. Mmm… yes, I didn’t think you’d want the debate to be too open too soon. Don’t want anyone nicking your ideas just yet, eh? 🙂
