[Plugin: DB Cache Reloaded] Security hole?

  • PacheQ

    (@pacheq)


    15 years, 12 months ago

    Hello, I found combination of sociable fb-connect plugin + db cache reloaded + wpsupercache resulted in visitors being logged in after log out.
    To reproduce:
    1. WP-SuperCache + Sociable FBConnect Plugin
    -User logs on facebook
    -User visits wordpress blog, is recognised and can post comments
    -User visits facebook and logs out
    -User visits wordpress blog again, this time will appear as anonymous visitor.

    2. DB Cache Reloaded + WP-SuperCache + Sociable FBConnect Plugin, then clear cache
    -User logs on facebook
    -User visits wordpress blog, is recognised and can post comments
    -User visits facebook and logs out
    -User visits wordpress blog again, it’s still being recognised with user credentials.

    Best regards

    http://ww.wp.xz.cn/extend/plugins/db-cache-reloaded/

Viewing 1 replies (of 1 total)
  • LJagermaster

    (@the-living-legend)

    15 years, 4 months ago

    You could advise your members/visitors to clear their cookies (from their browser) after visiting your site. It’s a pain, I know, but doing this should delete the cookie set by facebook’s API and keep them logged out until they log back in manually. Alternatively, try tracking down a plugin/hack that will clear a specific cookie from your visitors browser (if such a thing exists) – be aware tho that you should add a disclaimer to your site informing people that this will happen and ensuring it’s for their own benefit 🙂

    Can’t help you with the plugin itself I’m afraid as it’s beyond my current ability…

Viewing 1 replies (of 1 total)

The topic ‘[Plugin: DB Cache Reloaded] Security hole?’ is closed to new replies.