[ic] MAGJOR New Account BUG!!!

rmdesjardins@dfwmicrotech.com
Mon, 30 Oct 2000 13:24:23 -0600


Just tried it.  Ouch that's nasty.  What version of IC is this site running
under?  We are running 4.5.5 based on the simple template and don't have
this problem.  Although all our new accounts are created from the
new_account.html.

Ray

----- Original Message -----
From: "Eric Hull" <eric@webuildpcs.com>
To: <interchange-users@minivend.com>
Sent: Monday, October 30, 2000 12:14 PM
Subject: RE: [ic] MAGJOR New Account BUG!!!


> Go to www.webuildpcs.com or try on your own ic site.
> I would try on ours because we know the problem is here.
>
> From the first page, click on the log in button on the top of the site, then
> click on new account button, then the last person who created an account has
> their info in the fields.  After you screw around for a while on the site,
> or go in with something in your basket - this does not always appear.
>
> Eric Hull
>
> -----Original Message-----
> From: interchange-users-admin@minivend.com
> [mailto:interchange-users-admin@minivend.com]On Behalf Of Cameron B.
> Prince
> Sent: Monday, October 30, 2000 11:49 AM
> To: interchange-users@minivend.com
> Subject: RE: [ic] MAGJOR New Account BUG!!!
>
>
> Have you been able to duplicate this? Can you provide exact steps to do so?
>
> This is a disturbing situation, but we must first rule out the possibility
> of problems with the code in your account and login pages.
>
> I am aware of the problem with the error codes and error checking on the
> account page, but I have never seen this problem.
>
> Cameron
>
>
> -----Original Message-----
> From: interchange-users-admin@minivend.com
> [mailto:interchange-users-admin@minivend.com]On Behalf Of Eric Hull
> Sent: Monday, October 30, 2000 9:54 AM
> To: interchange-users@minivend.com
> Subject: RE: [ic] MAGJOR New Account BUG!!!
>
>
> This is a BIG PROBLEM - here is an email I received from a customer:
>
> There appears to be a possible security problem with your site.
> I just tried to create an account at your site, and it appeared to
> accept the account name ("wendy") and password that I entered, then
> displayed the message "Welcome to webuildpcs.com, Theresia!" The account
> information associated with that name is for a Theresia Edgar, in GA,
> and it has nothing to do with me.
> From a customer's perspective, this is very disturbing. If this
> Theresia is a real person, there is no way I should have been able to
> see her account information, accidentally or otherwise. It certainly
> does not inspire customer confidence in your security! If, on the other
> hand, that account information is intended as a "blank", a starting point,
> I would have to suggest to you that it is a bad idea, as it is confusing
> and misleading at best. At worst, it looks like a security breach which
> would undoubtedly turn customers away. Blank fields would be better.
> The primary reason that I am telling you about this is so that if
> it is in fact a security issue, you can correct it before someone takes
> malicious advantage of it. The other reason is that I worked in customer
> service for a long time, and was constantly told that 90% of the customers
> who go to competitors to do their business will never tell you why. So
> when someone submits a complaint or request, it is a rare chance to fix
> a problem that is probably coming between you and many, many more potential
> customers than just the ones who bother to tell you.
> In the meantime, I do still want to order two computer cases from
> you, but given the nature of the problem, I'm going to be prudent and
> wait until business hours to call the order in.
>
> What the heck is the problem with IC?
> we have searched and searched and found no docs on this or even where to
> "refresh" this page - I have to take our site offline now and that means I
> will be losing $$$
>
> Eric Hull
>
> -----Original Message-----
> From: interchange-users-admin@minivend.com
> [mailto:interchange-users-admin@minivend.com]On Behalf Of Strider
> Centaur
> Sent: Thursday, October 26, 2000 9:36 PM
> To: interchange-users@minivend.com
> Subject: Re: [ic] MAGJOR New Account BUG!!!
>
>
>     I will second this as I have seen the same thing here in testing, I think this
> is part of the error handling schema and a lack on the part of Interchange to tell
> if this is the first time or not this form is being displayed to a user. In
> other words there seems to be a big flaw in the state checking of the order page,
> anyone have any ideas?
>
>     BTW, we have our first store in production and all seems well the URL is
> http://www.greenpond.com and any comments or questions are always appreciated, you
> can send them to me or info@pwrgroup.com.   :-)
>
>
>
>
> Beriah Dutcher wrote:
>
> > Hey Everybody,
> >
> >         Well, my interchange web is doing good. Been getting 200 hits a day and
> > LOTS of items placed in baskets. However, FEW orders placed. I equated this
> > to first, the lack of a Secure Cert, second the price of shipping, then
> > yesterday I found a slight problem. When I got the secure thing fixed and
> > the shipping was dropped all the way to EXACTLY what UPS charges we were
> > STILL not getting orders.  So I had a phone order yesterday and asked the
> > customer to go through the web and place an order(gave him 5 bucks off his
> > purchase :) ) He called back with the problem at hand. When creating a new
> > account either from the login page or the processing page link. The new
> > account page fills itself in with the data of LAST person that created an
> > account!!! Very VERY bad. This gives out the person's address and phone and
> > EVERYTHING. I have not figured out why this is happening so I thought I
> > would write the list.
> >
> > Beriah
> >
> > _______________________________________________
> > Interchange-users mailing list
> > Interchange-users@www.minivend.com
> > http://www.minivend.com/mailman/listinfo/interchange-users
>
> --
> Strider Centaur
> HTTP://www.Scifi-Fantasy.com
>
>    " It is my observation that unless you really understand the issues, you are
> hardly in a position to criticize.   Nearly all Linux users have used Windows,
> but very few Windows users have used Linux. " -- Me
>