• Resolved fabio323ti

    (@fabio323ti)


    Hello, thanks for the plugin, but I guess there’s some mistake…

    In request-data and forgot request, you need to put an email address to send the request.
    For an already logged-in user, can the email field be disabled?

    It’s not safe to put an email address in the request: it is not safe if you know the email of other users, and the risk is to send data to them without a real request.

    Any suggestions?

Viewing 5 replies - 1 through 5 (of 5 total)
  • Plugin Support Bruce

    (@ninjateamwp)

    Hi there,

    Thanks for using Ninja GDPR plugin!
    From what you illustrated, I do not see any unsafe process here, because even logged in users need to specify what Emails they need to get messaged to.

    Also, how can you know the Email of others anyway?

    If you have further illustrations to buttress your explanation, please record a short screencast to better show exactly what you mean so that we can understand you properly.

    Kind regards,
    -Bruce-

    Thread Starter fabio323ti

    (@fabio323ti)

    Hi Bruce, it is not a big matter to know other users’ email; it can be a colleague, a friend or someone you already know…

    If you are already logged in, why put the email field again? Just a smart button and a stupid popup to advise.

    Is it complicated?

    Plugin Support Bruce

    (@ninjateamwp)

    Hi @fabio323ti ,

    The thing is, that Email field is for anyone to put any of their Emails there; it does not necessarily have to be the Email they have logged in with.

    Also, surely, only anyone with the login credentials to that Email can have access to it. So, I do not see any security loopholes.

    Hope this clarifies!

    Thank you!

    Kind regards,
    -Bruce-

    Thread Starter fabio323ti

    (@fabio323ti)

    Yes, you’re right about security, but the email field for a logged-in user should be hidden.
    It does not make any sense if you use it in the “account page”.

    If you’re talking about putting the shortcode on the homepage where anybody can put an email address and request data… this is another pair of shoes.

    Thanks

    Plugin Support Bruce

    (@ninjateamwp)

    Hi @fabio323ti ,

    “The email field for a logged-in user should be hidden.
    It does not make any sense if you use it in the “account page”.”

    ==> I think not, because logged-in users might wish to input and use a different Email to receive the data notice, and not necessarily their logged in Email or perhaps, they have multiple account types registered on the site with different Emails.

    Thank you!

    Kind regards,
    -Bruce-

  • The topic ‘Request data access’ is closed to new replies.