Posting in the Magento forums has been disabled pending the implementation of a new and improved forum solution which should better serve the community.

For new questions please post at magento.stackexchange.com, the community-run support site for the Magento community. We will be providing updates on the new forum solution soon. For questions or concerns please email community@magento.com.

Magento Forum

Email addresses publicly available online (Problem)
 
kooljp
Jr. Member
 
Total Posts:  26
Joined:  2009-12-30
Melbourne, Australia
 

Hi all,

Our domain name has a url ending with “media/import/magento/newsletter/email/subscribers.csv”

If you type this directly into a browser it shows over 2000 entries of our mailing list, including the full name and email address of an individual

This is a possible breach of privacy.

Is there a way to keep our mailing list information and hide the url so it is not accessable by anyone?

Thanks in advance

JP

 
Magento Community Magento Community
Magento Community
Magento Community
 
chiefair
Mentor
 
Avatar
Total Posts:  1848
Joined:  2009-06-04
 

Put a .htaccess file in the /email/ folder with a default deny and deny from all.

Is this .csv file really necessary for your email list to be sent? Given the directory naming, research to see if its just an import file which probably should be deleted immediately after the import process. The file that isn’t there can’t be accidentally read either.

 
Magento Community Magento Community
Magento Community
Magento Community
 
kooljp
Jr. Member
 
Total Posts:  26
Joined:  2009-12-30
Melbourne, Australia
 

Thanks for the advice.

The file has promptly been deleted.

Cheers
JP

 
Magento Community Magento Community
Magento Community
Magento Community
Magento Community
Magento Community
Back to top