Duplicate Usernames Permitted Allows Potential Access to other members data
I have just taken a call from a client advising me that one of their paid members has logged into their account and been able to access the details of a former member which raises obvious privacy issues. On investigation both the current and former members seem to have the same login/username? Anyone else experienced the issue or similar?
Running Umbraco 4.0.3
Scary! How do you create your users? You should check to see if the username already exists obviously..
Hi Simon,
It's something that should be handled automatically by the membership provider. I've checked the code for 4.0.3 and it shouldn't be possible to create a member with the same username as it will raise an exception (if using Member.MakeNew()) or set status parameter of CreateUser() to MembershipCreateStatus.DuplicateUserName
Still doesn't answer your question, but might be helpful in checking on a local installation
Cheers,
/Dirk
The client sets the username themselves using the UI so to be honest I am not entirely sure how this situation was achieved at the moment. Changing the member's username corrected the situation and luckily on this occasion the member was honest enough to come forward and let them know.
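For anyone checking an existing installation for the situation described in this thread, the following is an added example (not part of any post above and not Umbraco code) that audits an exported member list for login names held by more than one member. The CSV export and its column names `id` and `login` are assumptions, and the sample rows are constructed.

```python
import csv
import io
import unicodedata
from collections import defaultdict

# Constructed sample export; the column names "id" and "login" are assumptions.
SAMPLE_EXPORT = """id,login
1051,jsmith
1074,mbrown
1102,JSmith
1130,jsmith
1188,"mbrown "
1201,akhan
"""

def normalize(login):
    """Fold Unicode compatibility forms, surrounding whitespace and case."""
    return unicodedata.normalize("NFKC", login).strip().casefold()

def find_collisions(rows):
    """Return {normalized login: [(id, raw login), ...]} for logins held by 2+ members."""
    groups = defaultdict(list)
    for row in rows:
        groups[normalize(row["login"])].append((row["id"], row["login"]))
    return {key: members for key, members in groups.items() if len(members) > 1}

def classify(members):
    """'exact' if at least two raw strings are identical, else 'normalized-only'."""
    raws = [raw for _, raw in members]
    return "exact" if len(set(raws)) < len(raws) else "normalized-only"

def audit(csv_text):
    """Map each colliding login to (collision kind, members sharing it)."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return {key: (classify(m), m) for key, m in find_collisions(rows).items()}

if __name__ == "__main__":
    for key, (kind, members) in sorted(audit(SAMPLE_EXPORT).items()):
        ids = ", ".join(f"{mid} ({raw!r})" for mid, raw in members)
        print(f"{key}: {kind} collision between members {ids}")
```

An "exact" result means two records carry the identical string; "normalized-only" means the names differ only in case, whitespace or Unicode form, which matters if the login lookup compares names less strictly than the uniqueness check at creation time.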