[ic] security

[Mike Heins]

Quoting Ron Phipps (rphipps@reliant-solutions.com):
> Sonny,
> 
> I just had a client report that his users were able to login without
> specifying a username and password.  When they did it would pull up info for
> a person by the name of Kelly.  I looked in the db and sure enough the
> username field was blank.  It appears that there is a bug somewher ein the
> accoutn creation routine that allows for this happen.  We have not seen hwo
> this is done, jsut know that it can be done.  Any ideas?


This should have been fixed at 4.6.1....the username might have been
prior to that, I suppose.

I will put it back in the bug list if you can confirm it is still
possible to create a blank username.

-- 
Akopia, Inc., 131 Willow Lane, Floor 2, Oxford, OH  45056
phone +1.513.523.7621 fax 7501 <heins@akopia.com>

Nature, to be commanded, must be obeyed. -- Francis Bacon