Search Again: Re: Security Issue From: Jeff Folk Date: Saturday, January 11, 2003 Time: 4:47:30 pm Mike; How did you end up with this scenario in your system? an import? I just tried to set my system up to test your scenario and am unable to do so. When I try to create an e-mail login for customer B that matches an existing login for customer A, OG barks at me saying the login is not unique and will not create the e-mail. When I try to create a new customer with a login used by another customer's additional e-mail, OG barks and says that it is already in use (and by who), also refusing to create the new customer. So, while I think that it is possible for someone to be so dense as to request a password to be e-mailed to them when they have no e-mail in your system, at least Optigold will not allow you to create the scenario you have described (unless there is some bizarre preference setting somewhere I don't want to know about because having duplicate logins would be a BAD thing). Regards; Jeff On Saturday, January 11, 2003, at 03:19 PM, ISP List wrote: > err maybe we aren't talking about the same thing here. I am talking > about the Password Recovery feature in the Customer Web Interface. If > Customer A goes to that web page and puts in his login (joe) and his > accurate zip code, and he has no E-mail addresses or Override E-mail > specified inside OG, it sends the E-mail with his password to > "joe@<main domain>", which actually belongs to Customer B. > > --Mike --------------------------------------------------- To subscribe, unsubscribe or to search list archive please visit http://www.optigold.com/lists/isp.html ---------------------------------------------------

Messages In This Thread: Security issue by Eivind Ravndal on Apr 29, 2002 at 8:19:48 am Re: Security issue by Shawn Hogan on Apr 30, 2002 at 10:26:09 pm Security Issue by Mike Bacher on Jan 11, 2003 at 10:24:13 am Re: Security Issue by Shawn Hogan on Jan 11, 2003 at 11:13:42 am Re: Security Issue by Mike Bacher on Jan 11, 2003 at 11:58:41 am Re: Security Issue by Shawn Hogan on Jan 11, 2003 at 12:22:56 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 1:21:07 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 4:47:30 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 5:04:27 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:06:19 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:21:09 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:31:59 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:27:39 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:31:18 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:32:49 pm Re: Security Issue by Jeff Folk on Jan 12, 2003 at 7:19:23 am Re: Security Issue by Mike Bacher on Jan 12, 2003 at 10:07:22 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:37:39 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:38:48 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:40:21 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:43:01 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:45:48 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:47:52 am Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:04:49 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:07:58 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:10:49 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:16:48 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:21:23 pm Re: Security Issue by Matthew Bailey on Jan 12, 2003 at 4:07:28 pm Re: Security Issue by Bryan Kroger on Jan 13, 2003 at 9:23:23 am Re: Security Issue by Mike Bacher on Jan 13, 2003 at 11:39:54 am Re: Security Issue by customers1st@yeipost-netsolution.net on Jan 13, 2003 at 11:52:15 am Re: Security Issue by Bryan Kroger on Jan 13, 2003 at 12:00:47 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:02:19 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:07:51 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:11:54 pm Re: Security Issue by Matthew Bailey on Jan 13, 2003 at 12:27:50 pm Re: Security Issue by Mike Bacher on Jan 13, 2003 at 12:46:53 pm Re: Security Issue by Mike Bacher on Jan 13, 2003 at 12:47:26 pm Re: Security Issue by Fernando Huerta =?iso-8859-1?Q?Zu=F1iga?= on Jan 13, 2003 at 1:52:09 pm