as I said 'the latest svn version', maybe you should update your svn version because I fixed the 'create a new account' a couple of days ago, and at the same time, I made it so that whenever the login screen is shown, it purges all the user list from it and recreates it, fetching the latest profiles stored, and selects the latest used profile (in case you add a new profile, it allows the list of profiles to be updated), so the current behavior should be that after using a non-profile, when you logout, it should select back the last used profile, instead of the last logged in username/password. I'm wondering if we should keep it like this, or if we should at least show the last username entered even if the remember_me option is unchecked.. can you do a svn update and see if you can still find the issue you're talking about? thanks
KKRT

On Mon, Mar 12, 2007 at 12:25:59PM +0000, Steve H wrote:
> As far as creating a new account doesn't work, yes. But I'm assuming you
> intend to fix that, and when you do this behaviour will become exploitable.
>
> On 3/11/07, Youness Alaoui <[EMAIL PROTECTED]> wrote:
> >
> >good point... but afaik, the latest svn version doesn't allow that, right?
> >
> >KKRT
> >
> >On Sun, Mar 11, 2007 at 06:26:35PM +0000, Steve H wrote:
> >> Hey there, just wanted to point out a potential security flaw I came across
> >> today with the new login screen. If a guest user logs in without selecting
> >> to create an account or save password and then you choose to log out the
> >> username & password are still in the login form. This leaves the ability to
> >> then select create account and remember password and somewhat stealing the
> >> guest user's password.
> >>
> >> Regards, Steve

_______________________________________________
Amsn-devel mailing list
Amsn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/amsn-devel