
Re: Security Issue

From: Mike Bacher
Date: Sunday, January 12, 2003
Time: 1:07:58 pm

At 10:38 AM 1/12/2003 -0800, you wrote:
>ISP List wrote:
>
> > Nope. I actually noticed it when I was testing the password retrieval
> > feature and decided to see what would happen if the customer that was
> > requesting the password retrieval had no E-mail addresses/Override E-mail
> > on file. Try it, you'll see what I'm talking about.
>
>It would go to the same email that *all* their email goes to (invoices,
>statements, letters, etc.)

If the customer only got paper versions of all of the above (which is what
we default to), then this situation would not have shown itself until
now. Now that you've pointed out that the above is also true, I would
suggest that an option be created to stop this behavior as the same
situation can potentially occur with invoices, statements, overdue notices,
etc., assuming somehow that customer's preferences got set to E-mail instead
of Paper.

>What assumption is that? I'm still not sure where you expected the email to
>be sent to...

The assumption that if the customer has no E-mail addresses, that sending
to login@maindomain.com is the right thing to do. I don't want the E-mail
to be sent anywhere, I want it to throw an error or not send it at all.

--Mike
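
The fail-closed behaviour requested in this message, next to the fallback it objects to, as an added Python example (not part of the original post and not the product's code). The `Customer` fields, the function names and the override-before-listed-address ordering are assumptions; `maindomain.com` is the placeholder used in the thread.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

MAIN_DOMAIN = "maindomain.com"  # placeholder domain as written in the thread


class NoAddressOnFile(Exception):
    """The customer has neither an override e-mail nor any e-mail address."""


@dataclass
class Customer:  # hypothetical record layout, not the product's schema
    login: str
    override_email: Optional[str] = None
    emails: List[str] = field(default_factory=list)
    prefers_email: bool = False  # False = paper, the default mentioned above


def recipient_with_fallback(c: Customer) -> str:
    """Behaviour objected to: guess login@maindomain when nothing is on file."""
    on_file = [a for a in [c.override_email, *c.emails] if a]
    return on_file[0] if on_file else f"{c.login}@{MAIN_DOMAIN}"


def recipient_fail_closed(c: Customer) -> str:
    """Requested behaviour: use only an address that is actually on file."""
    for addr in [c.override_email, *c.emails]:
        if addr and addr.strip():
            return addr.strip()
    raise NoAddressOnFile(f"no e-mail address on file for {c.login!r}")


def dispatch(c: Customer, document: str, outbox: List[Tuple[str, str]]) -> str:
    """Queue one document; returns 'sent', 'paper' or 'refused'."""
    # Password retrieval is always e-mail; other documents follow the preference.
    if document != "password" and not c.prefers_email:
        return "paper"
    try:
        outbox.append((recipient_fail_closed(c), document))
    except NoAddressOnFile:
        return "refused"  # surface to staff instead of mailing a guessed address
    return "sent"
```

A `refused` result leaves the outbox untouched, so a password reminder or invoice is never addressed to a mailbox the customer did not supply.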

