Search Again: Re: Security Issue From: Shawn Hogan Date: Sunday, January 12, 2003 Time: 10:43:01 am Jeff Folk wrote: > I have verified that if customer A has no e-mail set up in his customer > record and customer B has an override e-mail set to the same > login@default.domain as customer A, an e-mail is sent to customer A's > login@default.domain address. BUT, entering an override e-mail is a > covert operation. Looks like maybe Shawn needs to add one step of logic > to the password recovery routine. If there is no e-mail service on a > customer record then no mail should be sent. I think the dialog should > say something like: > > "Duh! You don't have e-mail on our system..." The only way that would do anything "funny" is if the customer that was requesting the email set the override email. Not the other way around. Customer A can't set their override email to "joe@whatever.com" and then if joe (Customer B) requests a password it's not going to do anything because it's a different account. The only thing that would be "odd" is if Customer A requests their password, it's going to send it to "joe@whatever.com" because that's the override email for Customer A. Optigold does not *seach* on override email when looking up the customer, it's just where it gets sent to when a customer is sent email. And you only can set the override email address for your own account. - Shawn ---------------------------------- Shawn D. Hogan President, Digital Point Solutions http://www.digitalpoint.com (858) 452-3696 --------------------------------------------------- To subscribe, unsubscribe or to search list archive please visit http://www.optigold.com/lists/isp.html ---------------------------------------------------

Messages In This Thread: Security issue by Eivind Ravndal on Apr 29, 2002 at 8:19:48 am Re: Security issue by Shawn Hogan on Apr 30, 2002 at 10:26:09 pm Security Issue by Mike Bacher on Jan 11, 2003 at 10:24:13 am Re: Security Issue by Shawn Hogan on Jan 11, 2003 at 11:13:42 am Re: Security Issue by Mike Bacher on Jan 11, 2003 at 11:58:41 am Re: Security Issue by Shawn Hogan on Jan 11, 2003 at 12:22:56 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 1:21:07 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 4:47:30 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 5:04:27 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:06:19 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:21:09 pm Re: Security Issue by Jeff Folk on Jan 11, 2003 at 5:31:59 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:27:39 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:31:18 pm Re: Security Issue by Mike Bacher on Jan 11, 2003 at 9:32:49 pm Re: Security Issue by Jeff Folk on Jan 12, 2003 at 7:19:23 am Re: Security Issue by Mike Bacher on Jan 12, 2003 at 10:07:22 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:37:39 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:38:48 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:40:21 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:43:01 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:45:48 am Re: Security Issue by Shawn Hogan on Jan 12, 2003 at 10:47:52 am Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:04:49 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:07:58 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:10:49 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:16:48 pm Re: Security Issue by Mike Bacher on Jan 12, 2003 at 1:21:23 pm Re: Security Issue by Matthew Bailey on Jan 12, 2003 at 4:07:28 pm Re: Security Issue by Bryan Kroger on Jan 13, 2003 at 9:23:23 am Re: Security Issue by Mike Bacher on Jan 13, 2003 at 11:39:54 am Re: Security Issue by customers1st@yeipost-netsolution.net on Jan 13, 2003 at 11:52:15 am Re: Security Issue by Bryan Kroger on Jan 13, 2003 at 12:00:47 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:02:19 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:07:51 pm Re: Security Issue by Shawn Hogan on Jan 13, 2003 at 12:11:54 pm Re: Security Issue by Matthew Bailey on Jan 13, 2003 at 12:27:50 pm Re: Security Issue by Mike Bacher on Jan 13, 2003 at 12:46:53 pm Re: Security Issue by Mike Bacher on Jan 13, 2003 at 12:47:26 pm Re: Security Issue by Fernando Huerta =?iso-8859-1?Q?Zu=F1iga?= on Jan 13, 2003 at 1:52:09 pm