Hi
Can´t find it now, but I am pretty sure it is possible showing a page with a certain template with something like this www.mysite.com?default.aspx&id=2&template=randomtemplate.cshtml
This can result in some information being exposed, that we don´t want to be exposed.
if we eg. have a template for extranet pages, where we want some part of the page to be public, while other parts are not public - then we use the template to check if the user is logged in or not, and if they are logged in - we render the item fields.
However, if the item fields share systemnames with fields in other items, used in totally different context - and they have another template attached, then it would be possible to expose the info we don´t want to show, by viewing the extranet page - but viewing it with another template.
Is there any way of disabling the template query for a whole solution, or for just a certain types of pages/items?
/Hans