[ic] security

Mike Heins mikeh@minivend.com
Thu, 25 Jan 2001 21:28:38 -0500

Quoting Ron Phipps (rphipps@reliant-solutions.com):
> Sonny,
> I just had a client report that his users were able to login without
> specifying a username and password.  When they did it would pull up info for
> a person by the name of Kelly.  I looked in the db and sure enough the
> username field was blank.  It appears that there is a bug somewher ein the
> accoutn creation routine that allows for this happen.  We have not seen hwo
> this is done, jsut know that it can be done.  Any ideas?

This should have been fixed at 4.6.1....the username might have been
prior to that, I suppose.

I will put it back in the bug list if you can confirm it is still
possible to create a blank username.

Akopia, Inc., 131 Willow Lane, Floor 2, Oxford, OH  45056
phone +1.513.523.7621 fax 7501 <heins@akopia.com>

Nature, to be commanded, must be obeyed. -- Francis Bacon