Forums » Questions & Answers »
ATTN: Lemon -- Security concern with embedded direct dial shortcuts....
Added by sublimnl over 2 years ago
Lemon, I uploaded a theme this morning and unfortunately had embed enabled on some trays that contained speed dial shortcuts for 12-15 of my contacts. As a result, I found out tonight that people have been getting my speed dial contact info! I even receieved an e-mail from one of my co-workers this morning saying she was getting crank calls starting at 530AM and was wondering if I knew if there was anything she could do on her Blackberry to stop it from happening.
I would suggest a warning be put in place to alert someone if they are uploading a theme with embedded direct dials or perhaps, to automatically strip that kind of info completely from themes as they are packaged. My theme was downloaded 165 times before I knew this had happened. :(
Replies
RE: ATTN: Lemon -- Security concern with embedded direct dial shortcuts.... - Added by Lemon over 2 years ago
Hi, yep the dev is aware of this and is looking at building a security feature around this.
Of course the Embed config of these trays is defaulted to "No" for this reason. So you need to manually enable embedding for this to happen.
Until changes are made around embedding read more here:
http://www.sweeterhome.com/projects/sweethome/wiki/Custom_Tray
RE: ATTN: Lemon -- Security concern with embedded direct dial shortcuts.... - Added by sublimnl over 2 years ago
Lemon,
Could you please download the most recent verion of my theme? I turned off embed when I uploaded it a couple of nights ago, but as of this morning, someone posted on my blog saying that they were still getting my contacts!!? I uploaded a new version again this morning, double checking that embed was off and deleting all my direct dials prior to upload to be double safe. I was trying to test on the Android emulator on my laptop, but the damn thing wont boot up for some reason!
If you still get my contacts when testing, then please remove it from the theme repo until we can figure this out. Thanks...
RE: ATTN: Lemon -- Security concern with embedded direct dial shortcuts.... - Added by juneau over 2 years ago
I just downloaded your theme, I do not see any contacts listed. You can delete your theme by long pressing it and choosing delete.
RE: ATTN: Lemon -- Security concern with embedded direct dial shortcuts.... - Added by sublimnl over 2 years ago
Thanks, good to know.