[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date
][Minivend by thread
]
Re: [ic] security
Although it is not technically a bug, a blank username in the system will
do bad things. Any way that exists to create a user with a blank username
is a bug. If you discover any ways to do this (within interchange) please
report it.
---
Sonny Cook
Akopia
"I don't want fifteen dollars." --Franklin D. Rooselvelt
On Sun, 26 Nov 2000, John Beima wrote:
> Actually after looking through your databases, I must assure everyone this is
> NOT I repeat NOT a bug...
>
> You have had 102 people use the auto creation of a user account on your checkout
> page. Which may be part of the source of the problem, but it seems to be workign
> fine.
>
> There were at LEAST ten invoices sold to an account with " " as the username and
> " " as the password. What is just happening is each person down the line is
> logging on as the last person hences having his data retrieved.
>
> I am not sure how they are creating an account with a 1 character space as the
> username and password, but someone did. The rest just logged on under it.
>
> Maybe we should beg Mike to take a little look into this. Peter is running 4.5.6
> of Interchange...
>
>
> John Beima
>
>
> Quoting peterferguson <peterferguson@tinyworld.co.uk>:
>
> > Has anyone experienced seeing others user details on checkout?
> >
> > Please contact me as to how this problem can be resolve.
> >
> > Thanks,
> >
> > Pete
> >
>
>
> John Beima
> jbeima@palb.com
>
> P.A.L.B. Systems - Phone: (780)451-1086 - Fax: (780)447-4760
> 11639-122 Street, Edmonton, Alberta, Canada, T5M 0B6
>
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@www.minivend.com
> http://www.minivend.com/mailman/listinfo/interchange-users
>
_______________________________________________
Interchange-users mailing list
Interchange-users@www.minivend.com
http://www.minivend.com/mailman/listinfo/interchange-users
