[ic] security

John Beima jbeima@reality.palb.com
Thu, 25 Jan 2001 21:10:55 -0700 (MST)


Ron & Sonny,

If you are using MySQL to drive your back-end, the problem lies in the 
userdb.mysql file. It is not in proper sync. with the userdb.txt file.

If you correct the errors in the userdb.mysql file, this problem seems to 
completely go away.

It has actually been around since the 3.XX version of MiniVend...

I have had it appear with two different clients, and correcting that definitions 
file in both cases caused the problem to go away.

John Beima


Quoting Ron Phipps <rphipps@reliant-solutions.com>:

> Mike,
> 
> This could very well be.  This database was brought over from Minivend
> 4.04
> a few months ago.  We are getting ready to launch a high traffic site
> next
> week on an empty database so I'll keep an eye on it and post here if
> blank
> users show up.  Thanks.
> 
> -Ron
> 
> ----- Original Message -----
> From: "Mike Heins" <mikeh@minivend.com>
> To: <interchange-users@lists.akopia.com>
> Sent: Thursday, January 25, 2001 6:28 PM
> Subject: Re: [ic] security
> 
> 
> > Quoting Ron Phipps (rphipps@reliant-solutions.com):
> > > Sonny,
> > >
> > > I just had a client report that his users were able to login without
> > > specifying a username and password.  When they did it would pull up
> info
> for
> > > a person by the name of Kelly.  I looked in the db and sure enough
> the
> > > username field was blank.  It appears that there is a bug somewher
> ein
> the
> > > accoutn creation routine that allows for this happen.  We have not
> seen
> hwo
> > > this is done, jsut know that it can be done.  Any ideas?
> >
> >
> > This should have been fixed at 4.6.1....the username might have been
> > prior to that, I suppose.
> >
> > I will put it back in the bug list if you can confirm it is still
> > possible to create a blank username.
> >
> > --
> > Akopia, Inc., 131 Willow Lane, Floor 2, Oxford, OH  45056
> > phone +1.513.523.7621 fax 7501 <heins@akopia.com>
> >
> > Nature, to be commanded, must be obeyed. -- Francis Bacon
> >
> > _______________________________________________
> > Interchange-users mailing list
> > Interchange-users@lists.akopia.com
> > http://lists.akopia.com/mailman/listinfo/interchange-users
> 
> 
> _______________________________________________
> Interchange-users mailing list
> Interchange-users@lists.akopia.com
> http://lists.akopia.com/mailman/listinfo/interchange-users
> 



John Beima
jbeima@palb.com

P.A.L.B. Systems - Phone: (780)451-1086 - Fax: (780)447-4760
11639-122 Street, Edmonton, Alberta, Canada, T5M 0B6