#2645 Combination e-mail/password not unique

R2.6.3
closed
nobody
None
5
2007-12-11
2007-08-31
dotbaseac
No

Webstore uses user-email and user-password to connect to the system. As neither email nor email-password are unique in Compiere this can lead to a situation where 2 users will have the same email and password in the database.

If this happen, when the second user is authenticated via webstore, the system will use the first account found with these fields values. In other words, the second user will access the account, the invoices, the payments of the other user.

Is there any reason not to create an unique index in table AD_USER with columns EMAIL and PASSWORD ?

Discussion

  • Kathy Pink

    Kathy Pink - 2007-09-04
    • assigned_to: nobody --> kmpink
    • status: open --> pending
     
  • Kathy Pink

    Kathy Pink - 2007-09-07
    • assigned_to: kmpink --> nobody
    • status: pending --> open
     
  • Kathy Pink

    Kathy Pink - 2007-12-11
    • milestone: --> R2.6.3
     
  • Kathy Pink

    Kathy Pink - 2007-12-11

    Logged In: YES
    user_id=329831
    Originator: NO

    We are moving all Open Support Requests, Bugs and Feature Requests to Compiere Case Management. Please refer to the following link for information on creating new Support Requests.
    http://www.compiere.com/support/community.php

    Thank you

     
  • Kathy Pink

    Kathy Pink - 2007-12-11
    • status: open --> closed
     

Log in to post a comment.