Re: E-Procurement Staging accessible to public?

From: Ish Sookun <ish_at_hacklog.mu>
Date: Wed, 20 Jan 2016 15:02:23 +0400

Dear Mr Mulloo,

Thank you for the update. I appreciate it.

Though the URL is not advertised, the content therein is indexed by
search engines. I stumbled on eprocstaging.publicprocurement.govmu.org
through a search engine. There are various methods that the application
owner may use to prevent the content from being indexed. In my opinion a
staging platform is less secure than production and a malicious user
might use it as a test bed to identify flaws that could be exploitable
on production.

Business owners are invited to use the E-Procurement platform for
submitting documents. I believe those documents are of a sensitive nature.

Is there a compliance document that application owners should abide by?

Regards,

-- 
Ish Sookun
- Geek by birth, Linux by choice.
- I blog at HACKLOG.mu.
https://twitter.com/IshSookun ^^ Do you tweet?
Received on Wed Jan 20 2016 - 11:02:48 PST
