[ic] security

Sonny Cook sonny@akopia.com
Mon, 27 Nov 2000 13:34:37 -0600 (CST)


Although it is not technically a bug, a blank username in the system will
do bad things.  Any way that exists to create a user with a blank username
is a bug.  If you discover any ways to do this (within interchange) please
report it.

---
Sonny Cook 
Akopia

"I don't want fifteen dollars."  --Franklin D. Rooselvelt

On Sun, 26 Nov 2000, John Beima wrote:

> Actually after looking through your databases, I must assure everyone this is 
> NOT I repeat NOT a bug...
> 
> You have had 102 people use the auto creation of a user account on your checkout 
> page. Which may be part of the source of the problem, but it seems to be workign 
> fine.
> 
> There were at LEAST ten invoices sold to an account with " " as the username and 
>  " " as the password. What is just happening is each person down the line is 
> logging on as the last person hences having his data retrieved.
> 
> I am not sure how they are creating an account with a 1 character space as the 
> username and password, but someone did. The rest just logged on under it.
> 
> Maybe we should beg Mike to take a little look into this. Peter is running 4.5.6 
> of Interchange...
> 
> 
> John Beima
> 
> 
> Quoting peterferguson <peterferguson@tinyworld.co.uk>:
> 
> > Has anyone experienced seeing others user details on checkout?
> > 
> > Please contact me as to how this problem can be resolve.
> > 
> > Thanks,
> > 
> > Pete
> > 
> 
> 
> John Beima
> jbeima@palb.com
> 
> P.A.L.B. Systems - Phone: (780)451-1086 - Fax: (780)447-4760
> 11639-122 Street, Edmonton, Alberta, Canada, T5M 0B6
> 
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@www.minivend.com
> http://www.minivend.com/mailman/listinfo/interchange-users
>