4 Jul, 2018 → by ClaimboUser592920
Logout bug
Shopkeep has a serious security problem. There is a vulnerability that can allow anyone with access to your computer to observe, and edit any and all of your important and confidential information -- like employee salaries. This should be embarrassing and become a high priority fix of a software bug. Here's how it works ---- I, the employer, and the only user of shopkeep for the company, am the only one who knows the login password. So I open my browser (Chrome) and log into shopkeep. Do my work and logout. Seems so far, so good. Then I leave the store's computer running for other uses thinking that all is well. Not true! Anyone can now get on the terminal and hit the back arrow. They are then redirected to the last screen prior to logout. More back arrows and they can see everything that I did during that last session. Not only that, they are me -- properly logged in and able to edit the company information. It is only if I exit the browser session that the back arrow won't take me back inside shopkeep. I expect a reply to this disclosure and some serious apologies. You better fix it fast now that the security breech has been discovered and disclosed. Reply to woolley@***.com