[ic] Log in with blank username and password

[Ron Phipps]

> -----Original Message-----
> From: interchange-users-admin@interchange.redhat.com
[mailto:interchange-
> users-admin@interchange.redhat.com] On Behalf Of Garry
> Sent: Wednesday, August 29, 2001 8:36 AM
> To: interchange-users@interchange.redhat.com
> Subject: [ic] Log in with blank username and password
> 
> I am also getting users going to the "login" page, but not entering
any
> username or password to login.  IC still accepts them and allows them
to
> amend the personal info.
> 
> Is there a way to stop this and make sure a username is entered?
> 

Garry,

Which version of IC?  In minivend and the early IC's it was possible for
a blank username to be created by using the order desk to enter an order
without a username.  Then when users would hit the login button it would
accept this blank username, login them in, and allow them to not only
change the information in the personal but also see past orders for
other users that logged in with the blank username.  Mike fixed this bug
in one of the later versions of IC (check bugzilla for the exact
version) and now a blank username is not valid.  If this is the symptom
you are subscribing then the way to fix it on your side is to search
userdb for a blank username (run some sql tool against your db with the
query: select * from userdb where username = '') Then you need to change
the username and password for this user so that no one logs on as this
user again and there is no longer a blank username in your database.
After that's complete the users should have to login if they are
attempting to go to the personal info section of the account.  The way I
know of to prevent this from happening again if you do not upgrade is to
make sure that when you use the order_desk that you enter a username
when entering the order.  Good luck!

-Ron