Dear Mr Mulloo,
Thank you for the update. I appreciate.
Though the URL is not advertised, the content therein is indexed by
search engines. I stumbled on eprocstaging.publicprocurement.govmu.org
through a search engine. There are various methods that the application
owner may use to prevent the content from being indexed. In my opinion a
staging platform is less secure than production and a malicious user
might use it as a test bed to identify flaws that could be exploitable
on production.
Business owners are invited to use the E-Procurement platform for
submitting documents. I believe those documents are of sensitive nature.
Is there a compliance document that application owners should abide to?
Regards,
--
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.mu.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Wed Jan 20 2016 - 11:02:48 PST