Akopia Akopia Services
[Date Prev][Date Next][Thread Prev][Thread Next][Interchange by date ][Interchange by thread ]

Re: [ic] Blank usernames and new_account

At 12:17 AM 05/17/2001 -0400, you wrote:
>Hi
>
>I just had a situation on a IC 4.6.4 (based on construct) cart where the
>username.counter file was set to an earlier number (by a version control
>mishap) and IC was being asked to create a userid that already existed. When
>customers ordered, IC created an empty username in the mysql database, which
>was reused for subsequent orders where a userid was not supplied by the user.
>The reuse caused a leak of some data, as described in earlier 'blank 
>username'
>incidents reported on the list. No errors are logged when the create fails.
>
>Should there be some failsafe in new_account (or somewhere) to prevent '' 
>from
>ever being used as a username?

That auto-account creating is performed in etc/log_transaction, I 
believe.  The code could probably be expounded on to prevent your problem 
from occurring... or you might consider blowing it away.

- Ed L.


===============================================================
New Media E.M.S.               Software Solutions for Business
463 Main St., Suite D          eCommerce | Consulting | Hosting
Placerville, CA  95667         edl@newmediaems.com
(530) 622-9421                 http://www.newmediaems.com
(866) 519-4680 Toll-Free       (530) 622-9426 Fax
===============================================================

_______________________________________________
Interchange-users mailing list
Interchange-users@lists.akopia.com
http://lists.akopia.com/mailman/listinfo/interchange-users
Search for: Match: Format: Sort by: