Re: Security Issue

From: Jeff Folk
Date: Saturday, January 11, 2003
Time: 5:06:19 pm

I have verified that if customer A has no e-mail set up in his customer
record and customer B has an override e-mail set to the same
login@default.domain as customer A, an e-mail is sent to customer A's
login@default.domain address. BUT, entering an override e-mail is a
covert operation. Looks like maybe Shawn needs to add one step of logic
to the password recovery routine. If there is no e-mail service on a
customer record then no mail should be sent. I think the dialog should
say something like:

"Duh! You don't have e-mail on our system..."

Regards;
Jeff


On Saturday, January 11, 2003, at 03:19 PM, ISP List wrote:

> err maybe we aren't talking about the same thing here. I am talking
> about the Password Recovery feature in the Customer Web Interface. If
> Customer A goes to that web page and puts in his login (joe) and his
> accurate zip code, and he has no E-mail addresses or Override E-mail
> specified inside OG, it sends the E-mail with his password to
> "joe@<main domain>", which actually belongs to Customer B.
>
> --Mike


---------------------------------------------------
To subscribe, unsubscribe or to search list archive
please visit http://www.optigold.com/lists/isp.html
---------------------------------------------------
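The recipient-selection flaw discussed in this thread, sketched as an added example; it is not part of the original messages or the product's code. The record layout, `DEFAULT_DOMAIN`, the sample customers and all function names are hypothetical, and the fixed variant applies the rule suggested above (no e-mail on the record, no mail sent).

```python
from dataclasses import dataclass, field
from typing import Callable, List, Optional

DEFAULT_DOMAIN = "example.net"  # constructed stand-in for the ISP's main domain


@dataclass
class Customer:
    login: str
    zip_code: str
    # Assumed model: every address on the record (mailboxes or override e-mail).
    addresses: List[str] = field(default_factory=list)


def recipient_flawed(c: Customer) -> Optional[str]:
    """Reported behaviour: with nothing on record, guess login@<main domain>."""
    if c.addresses:
        return c.addresses[0]
    return f"{c.login}@{DEFAULT_DOMAIN}"  # may be another customer's mailbox


def recipient_fixed(c: Customer) -> Optional[str]:
    """Suggested rule: only mail an address stored on this customer's record."""
    return c.addresses[0] if c.addresses else None


def owner_of(customers: List[Customer], address: str) -> Optional[Customer]:
    """Which customer record actually holds this address, if any."""
    return next((c for c in customers if address in c.addresses), None)


def recover(customers: List[Customer], login: str, zip_code: str,
            resolve: Callable[[Customer], Optional[str]]) -> Optional[str]:
    """Return the address the recovery mail would be sent to, or None."""
    for c in customers:
        if c.login == login and c.zip_code == zip_code:
            return resolve(c)
    return None


# Constructed records matching the scenario in the thread.
CUSTOMERS = [
    Customer("joe", "90210"),                              # Customer A: no e-mail
    Customer("bob", "10001", [f"joe@{DEFAULT_DOMAIN}"]),   # Customer B owns joe@
]

if __name__ == "__main__":
    for resolve in (recipient_flawed, recipient_fixed):
        to = recover(CUSTOMERS, "joe", "90210", resolve)
        holder = owner_of(CUSTOMERS, to) if to else None
        print(resolve.__name__, "->", to, "| held by:", holder.login if holder else None)
```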
