[ic] security

John Beima jbeima@reality.palb.com
Sun, 26 Nov 2000 20:04:25 -0700 (MST)


Actually after looking through your databases, I must assure everyone this is 
NOT I repeat NOT a bug...

You have had 102 people use the auto creation of a user account on your checkout 
page. Which may be part of the source of the problem, but it seems to be workign 
fine.

There were at LEAST ten invoices sold to an account with " " as the username and 
 " " as the password. What is just happening is each person down the line is 
logging on as the last person hences having his data retrieved.

I am not sure how they are creating an account with a 1 character space as the 
username and password, but someone did. The rest just logged on under it.

Maybe we should beg Mike to take a little look into this. Peter is running 4.5.6 
of Interchange...


John Beima


Quoting peterferguson <peterferguson@tinyworld.co.uk>:

> Has anyone experienced seeing others user details on checkout?
> 
> Please contact me as to how this problem can be resolve.
> 
> Thanks,
> 
> Pete
> 


John Beima
jbeima@palb.com

P.A.L.B. Systems - Phone: (780)451-1086 - Fax: (780)447-4760
11639-122 Street, Edmonton, Alberta, Canada, T5M 0B6