Start a new topic

Insecure data transfer to the Searchanise servers

Hello,


Your addon initiates insecure data transfer of such information as email and parent_private_key via HTTP connection with no encryption. This is highly insecure because a lot of shared hosting providers or transport providers have sticky fingers and pass/sell this data to third parties.


I mean the "SE_SERVICE_URL" constant in "Not configurable constants" (app/addons/searchanise/func.php), which contains hardcoded URL "http://www.searchanise.com" and is used in the code 6 times. Please fix it.


---

AWS Cloud hosting for CS-Cart, Multi-Vendor, WordPress, and Magento

by Simtech Development - AWS and CS-Cart certified hosting provider

free installation & migration | free 24/7 server monitoring | free daily backups | free SSL | and more...

Hi,


Thank you for your information. We have forwarded it to our developers and the changes should be included in one of the future updates.

btw, you have the same issue in the WooCommerce Searchanise addon (Version:1.0.4).


File: "./wp-content/plugins/smart-search-for-woocommerce/init.php"

Contant: "fn_se_define('SE_SERVICE_URL', 'http://www.searchanise.com');"


---

AWS Cloud hosting for CS-Cart, Multi-Vendor, WordPress, and Magento

by Simtech Development - AWS and CS-Cart certified hosting provider

free installation & migration | free 24/7 server monitoring | free daily backups | free SSL | and more...


Login or Signup to post a comment