Learn how easy it is to sync an existing GitHub or Google Code repo to a SourceForge project! See Demo

Close

#2644 Login with inactive user in Web store is possible

R2.6.3
closed
nobody
Security (31)
5
2007-12-11
2007-08-31
Kai Egbert
No

Hi,

We found out that it is possible to login to the Webstore with a user we set to not active.

1.) Start Compiere Server and then visit the wstore
2.) Login with GardenUser, if successful logout.
3.) Open Window User in Compiere and set GardenUser to inactive.
4.) Login with Email and Password from inactive GardenUser again.

Regards,

Kai

Discussion

  • Kathy Pink
    Kathy Pink
    2007-08-31

    • assigned_to: kmpink --> nobody
     
  • sboda
    sboda
    2007-08-31

    Logged In: YES
    user_id=1705860
    Originator: NO

    *** Reclassified as Bug ***

     
  • sboda
    sboda
    2007-08-31

    • milestone: 746433 --> R2.6.3
     
  • sboda
    sboda
    2007-08-31

    Logged In: YES
    user_id=1705860
    Originator: NO

    Replicated

     
  • sboda
    sboda
    2007-08-31

    • labels: --> Security
     
  • Kathy Pink
    Kathy Pink
    2007-12-11

    • status: open --> closed
     
  • Kathy Pink
    Kathy Pink
    2007-12-11

    Logged In: YES
    user_id=329831
    Originator: NO

    We are moving all Open Support Requests, Bugs and Feature Requests to Compiere Case Management. Please refer to the following link for information on creating new Support Requests.
    http://www.compiere.com/support/community.php

    Thank you