[ic] instant affiliate reporting?

Jeff Dafoe interchange-users@icdevgroup.org
Tue Dec 10 22:06:01 2002


It appears that by removing the first [if-mm !advanced] blocks from
trafficstats and orderstats, interchange's reporting system will then allow
affiliates to log in and view only their respective traffic and order stats.
The affiliate group does need to have the "stats" flag.

I can't find any security issues created by this thusfar.  The user still
has to be able to log into the admin UI.  If the user doesn't have the
trafficstats or orderstats permissions, the reports adopt the current
username as the affiliate name, thus generating no report results for
unauthorized users.

I am interested in comments, it is possible I am overlooking an issue.


Thanks,
Jeff