SECURITY FIX
As you are aware, access to all member areas of the site is denied for visitors who have not registered a log-in account. Once a person has registered, they become a Registered Member, and have access to certain member-only pages, such as the Naturist World Index page, but NOT the member list and member profiles. Once they have satisfactorily completed a personal profile they become a Community Member, giving access to all member pages, forums, profiles, chat, etc.
A while ago, Wix carried out an upgrade to the platform and a loophole in our permissions system developed, which I have now fixed.
The loophole was that a person could register an account and gain the Registered Member status. While this doesn't allow access to the member list, they still appear on the list and are visible to Community Members. This enables Community Members to "Follow" the newly registered person, and this is where the security breach occurred.
What was happening was that when a Community member Followed a registered member, that appears on the Registered Member's profile as a followers count below their thumbnail image. By clicking on that number, the Registered Member gained access to the profile of the Community Member following them. Once on that Community Member's profile, the Registered Member could then gain access to all the profiles of other members who that Community Member was following or being followed by.
THE FIX . . .
If you go to your profile page, you will see that we have removed the Followed and Followers number count below your thumbnail picture in the small window (circled in red in the diagram below). This means that you can still follow any newly registered person and it won't show on their profile, BUT they will receive notification that you are following them, which gives them a link back to your profile. SO - if you don't want newly registered members seeing your profile, don't follow them! However, If you do give them access to your profile by following them, your own Followers and Followed number count is also missing, thereby preventing a further progression through other member profiles. PLEASE DO NOT give registered members the URL of any other member profiles!
As it was . . .
As it is now . . .
If anyone discovers a problem as a result of this change, please let me know! Cheers!
Rok
Yes, Peter, that would be an example. When that lady registered, she attracted a number of Community Members to start following her. While she couldn't gain access to the member list directly, she clicked on her followers number to reach their profiles and then clicked on their followed and followers numbers to gain access to many more. As it turned out, she was here for all the wrong reasons anyway, so I have deleted her account.