[Interchange-bugs] [Bug 71] Changed - admin ui order entering thingy can create a user with a blank id
bugzilla-daemon@localhost.akopia.com
Thu, 22 Mar 2001 19:15:12 -0500
http://developer.akopia.com/bugs/show_bug.cgi?id=71
*** shadow/71 Thu Mar 22 19:13:11 2001
--- shadow/71.tmp.17941 Thu Mar 22 19:15:12 2001
***************
*** 44,46 ****
--- 44,61 ----
logging on. We lost about 5 orders yesterday due to this bugs and others have
decided not to order because they are in fear of their information being
exploited.
+
+ ------- Additional Comments From rphipps@reliant-solutions.com 2001-03-22 19:15 -------
+ The comment should read:
+
+ In addition to automaticalling logging on this also allows a customer to view
+ the last customer's, who ordered with a blank username, information including
+ their address, phone, email and other information found in the checkout screen
+ (luckily not the CC). We just had this happen on our system and it was due to
+ a blank user being created through the UI using the order desk. I think two
+ stops should be put in place, require the Customer ID on the Order Desk AND do
+ not allow a blank username as a proper login when checking for credentials.
+ This way if a blank username creaps into the system in another way it will
+ atleast not be valid for logging on. We lost about 5 orders yesterday due to
+ this bugs and others have decided not to order because they are in fear of
+ their information being exploited.
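Review bot: the two stops proposed in the added comment (require the Customer ID on the Order Desk, and reject a blank username when checking credentials) both act going forward. Neither deals with the blank-username record that the comment says was already created through the Order Desk. That record still holds the last customer's address, phone and email, so the fix should also cover finding and removing or reassigning any existing user with a blank ID. Of the two stops, the credential check is the one that still holds if a blank username gets in another way, as the comment itself notes, so it should not be dropped if only one of them is implemented.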