When you edit an item from the Back-End, a keep-alive script runs in the editor page and periodically pings the server so that your Administrator session never idles out. This is a great convenience in most cases, as it prevents you from losing all your edits if you take too long to submit the content. However, it also means the session stays valid for as long as the editor tab is open, which raises a few security issues to be aware of:
  • If you walk away from your computer while you are editing content, the session will still be active when someone else sits down, and that person can use your browser to act on the site with your Administrator privileges. Lock the screen, or close the editor and log out, before leaving.
  • Because of the risk of Cross-Site Request Forgery (CSRF), it's never a good idea to browse the Internet in another window or tab while an Administrator session is open: any page you visit can cause your browser to send requests to your site, and the browser attaches your session cookie to them automatically. Joomla! has been hardened against such attacks by checking a per-session form token on state-changing requests, but it's remotely possible that an as yet unknown vulnerability exists in the Joomla! core, a third-party extension, or the browser itself, and the keep-alive script turns what would otherwise be a short window of exposure into one that lasts the whole editing session.
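The interaction between the keep-alive ping, session idle timeouts and the anti-CSRF token can be modelled in a few dozen lines. The following is an added example written for this note, not Joomla!'s own code: it assumes a hypothetical session store with a 15-minute idle timeout, a hypothetical `handleSaveArticle` endpoint, and a forged request in which an attacker's page can make the browser send the session cookie but cannot read the per-session token.

```javascript
// Added example (not Joomla!'s code). A minimal model of an administrator
// session store with an idle timeout, a keep-alive ping that refreshes it,
// and a state-changing endpoint with and without an anti-CSRF token check.
// All names and the 15-minute timeout are assumptions for illustration.

const IDLE_TIMEOUT_MS = 15 * 60 * 1000;   // assumed idle timeout
const MIN = 60 * 1000;                     // one minute, for readable timestamps

class SessionStore {
  constructor() { this.sessions = new Map(); }

  // Create a session for a logged-in admin at time `now`; returns the id.
  login(user, now) {
    const sid = `sid-${this.sessions.size + 1}`;
    const csrfToken = `tok-${Math.random().toString(36).slice(2)}`;
    this.sessions.set(sid, { user, lastActivity: now, csrfToken });
    return sid;
  }

  // Return the session if it exists and has not idled out, otherwise null.
  get(sid, now) {
    const s = this.sessions.get(sid);
    if (!s) return null;
    if (now - s.lastActivity > IDLE_TIMEOUT_MS) {
      this.sessions.delete(sid);            // idle timeout: session is gone
      return null;
    }
    return s;
  }

  // The keep-alive ping: refresh lastActivity so the idle timer never fires.
  keepAlive(sid, now) {
    const s = this.get(sid, now);
    if (s) s.lastActivity = now;
    return s !== null;
  }
}

// Model of a state-changing request. The browser attaches the session cookie
// to any form post aimed at the site, including one auto-submitted by an
// attacker's page, so the cookie alone proves nothing about who sent it.
function handleSaveArticle(store, req, now, { requireToken }) {
  const session = store.get(req.cookies.sid, now);
  if (!session) return { status: 403, reason: 'no valid session' };
  if (requireToken && req.body.csrfToken !== session.csrfToken) {
    return { status: 403, reason: 'missing or wrong CSRF token' };
  }
  return { status: 200, saved: req.body.title };
}

// Constructed forged request: cookie present, token absent (an attacker's
// page cannot read it because of the same-origin policy).
function forgedRequest(sid) {
  return { cookies: { sid }, body: { title: 'injected' } };
}

// Scenario 1: editor left idle with no keep-alive; a forged request 30 minutes
// later fails even on an endpoint with no token check, because the session expired.
function forgedAfterIdleExpiry() {
  const store = new SessionStore();
  const sid = store.login('admin', 0);
  return handleSaveArticle(store, forgedRequest(sid), 30 * MIN, { requireToken: false }).status;
}

// Scenario 2: keep-alive pings every 5 minutes keep the session valid for hours,
// so the same forged request succeeds against an endpoint that skips the token check.
function forgedWithKeepAliveNoToken() {
  const store = new SessionStore();
  const sid = store.login('admin', 0);
  for (let t = 5 * MIN; t <= 180 * MIN; t += 5 * MIN) store.keepAlive(sid, t);
  return handleSaveArticle(store, forgedRequest(sid), 180 * MIN, { requireToken: false }).status;
}

// Scenario 3: same long-lived session, but the endpoint requires the per-session
// token, so the forged request is refused regardless of how long the session lives.
function forgedWithKeepAliveTokenChecked() {
  const store = new SessionStore();
  const sid = store.login('admin', 0);
  for (let t = 5 * MIN; t <= 180 * MIN; t += 5 * MIN) store.keepAlive(sid, t);
  return handleSaveArticle(store, forgedRequest(sid), 180 * MIN, { requireToken: true }).status;
}

// Scenario 4: the real editor page embeds the token in its form, so legitimate
// saves still work with the token check enabled.
function legitimateSaveWithToken() {
  const store = new SessionStore();
  const sid = store.login('admin', 0);
  const token = store.sessions.get(sid).csrfToken;
  const req = { cookies: { sid }, body: { title: 'my article', csrfToken: token } };
  return handleSaveArticle(store, req, 10 * MIN, { requireToken: true }).status;
}

console.log({
  forgedAfterIdleExpiry: forgedAfterIdleExpiry(),             // 403
  forgedWithKeepAliveNoToken: forgedWithKeepAliveNoToken(),   // 200
  forgedWithKeepAliveTokenChecked: forgedWithKeepAliveTokenChecked(), // 403
  legitimateSaveWithToken: legitimateSaveWithToken(),         // 200
});
```

The point of scenarios 2 and 3 is that the keep-alive script removes the idle timeout as a safety net, so the token check on every state-changing request is the only thing standing between a forged request and a successful edit; any extension endpoint that omits that check behaves like scenario 2 for as long as the editor tab stays open.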


