Chmod and security

5/31/2014 8:45:36 AM
PHPRunner General questions
Athlon author

Can someone please clarify the situation regarding security?

This is pretty urgent.
Having uploaded the project, I am not able to access the dbase without login.

This is as expected.
What I didn't expect is being able to simply extend the URL with, say, /site/Full_Oncall_Report_print.php and being able to read all the confidential data. This is a serious flaw if this is normal default behaviour.
Anyone watching can access all the data via extending the url with the path and once you know 1 you can pretty much guess the rest.
I was under the impression when you upload your project Runner applies the correct chmod to prevent all of this?
Can you please clarify what the situation is.
Thanks,
Mike.

Sergey Kornilov admin 6/1/2014

If your project has the login page enabled, make sure that the guest account is either disabled or, if you use Dynamic permissions, that the <Guest> group doesn't have permissions to access any tables.
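
A way to confirm the guest-access change took effect, added here as an example and not part of the thread or of PHPRunner's own code: request each project page with no session and classify what an anonymous visitor gets back. The host name, the page names other than the one quoted in the question, and the assumption that a protected page redirects to a URL containing "login" are all constructed for illustration.

```python
import urllib.error
import urllib.request

class _NoRedirect(urllib.request.HTTPRedirectHandler):
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # do not follow: a 3xx then surfaces as HTTPError

def fetch_anonymous(url, timeout=10):
    """GET url with no cookies or credentials; return (status, Location, body)."""
    opener = urllib.request.build_opener(_NoRedirect)
    try:
        with opener.open(url, timeout=timeout) as resp:
            return resp.status, "", resp.read(65536).decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, err.headers.get("Location", ""), ""

def classify(status, location, body, login_marker="login"):
    """Decide what an anonymous visitor got back for one page."""
    if status in (401, 403):
        return "denied"
    if 300 <= status < 400:
        # Assumption: a protected page redirects to a URL containing "login".
        return "denied" if login_marker in location.lower() else "review"
    if status == 200:
        # A 200 that only renders a password form is still a refusal.
        return "denied" if 'type="password"' in body.lower() else "EXPOSED"
    return "review"

def audit(base_url, pages, fetch=fetch_anonymous):
    """Map each page to its verdict when requested without a session."""
    base = base_url.rstrip("/")
    return {p: classify(*fetch(base + "/" + p.lstrip("/"))) for p in pages}

# Constructed responses standing in for a server, so the demo runs offline.
SAMPLE = {
    "https://intranet.example/site/Full_Oncall_Report_print.php":
        (200, "", "<table><tr><td>on-call rows</td></tr></table>"),
    "https://intranet.example/site/Full_Oncall_Report_list.php":
        (302, "login.php?return=1", ""),
    "https://intranet.example/site/menu.php":
        (200, "", '<form><input type="password" name="p"></form>'),
}

def sample_fetch(url):
    return SAMPLE[url]

if __name__ == "__main__":
    pages = [u.rsplit("/", 1)[1] for u in SAMPLE]
    for page, verdict in audit("https://intranet.example/site", pages, sample_fetch).items():
        print(f"{verdict:8} {page}")
```

Against a real deployment, call `audit()` with the default `fetch_anonymous` and the list of pages from your own project output folder; any page reported as `EXPOSED` is still readable by the guest account.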