Menu
▾
▴
Re: [Phphelpdesk-help] A hole about helpdesk..
|
From: Andrew <ajw...@ro...> - 2001-11-28 02:35:36
|
Pim; Yes, you can delete from the security table, it won't cause problems (just be carefuly when doing any update or delete sql) ... You can also use sql to change passwords if needed (they are stored as plain text) The current version of the helpdesk does have a delete user option .. I don't remember which version this feature was added to, but it's been there quite a while. Andrew On Tuesday 20 November 2001 09:36, Pim van Stam wrote: > > -----Oorspronkelijk bericht----- > > Van: php...@li... > > [mailto:php...@li...]Namens Kevin M. > > Shortt > > Verzonden: dinsdag 20 november 2001 15:08 > > Aan: Pim van Stam > > CC: php...@li... > > Onderwerp: RE: [Phphelpdesk-help] A hole about helpdesk.. > > > > On Tue, 20 Nov 2001, Pim van Stam wrote: > > > I rather like to know what the leak exactly is and how to solve it. > > > Is it possible for anyone to tell? > > > > I posted last week about one issue I discovered. > > If the issue is known about, and all default usernames/passwords > > are cleaned up properly, then I really isn't any way a user > > could get the access. > > > > The issue I discovered can be read in detail at: > > http://sourceforge.net/tracker/index.php?func=detail&aid=48167 > > 8&group_id=5706&atid=205706 > > > > The issue of the demo site password being changed, was that the > > default usernames with default privileges were installed and > > unchanged. > > so anyone familiar with phphelpdesk would be able to guess it, and > > comprise the phphelpdesk demo. That's the extent of it really. > > > > All and all the software is sound. > > > > To follow the information posted on the url above, click on > > the "Browse" > > link near the top of the page, that will bring you to the index of > > posts for phphelpdesk. > > > > I hope this helps. > > > > > > -k > > Is there a solution, apart from deleting from the database directly by > 'mysql'? > And if not, if I delete from the table security, with the following, is > there anything else left behind? > > mysql> delete from security where s_user='testuser'; > > > Regards, Pim > > > > > _______________________________________________ > Phphelpdesk-help mailing list > Php...@li... > https://lists.sourceforge.net/lists/listinfo/phphelpdesk-help |
