Hi, first of all: it had been a very bad idea to make such an essential change without discussing or at least without informing before ...! The OXID has always been a fixed value and all connections to other tables do use this.
>From one point of view - and maybe even from a legal point of view - the >deletion of unregistered users is right - BUT: should be done immediately >after the order-process (including all the shipping stuff etc.) is done. To solve the problems of lost connections to remarks, history and other stuff for unregistered users you could relate these tables to the oxusername value and not to the OXID. But this would probably mean that you have to store both: OXID AND OXUSERNAME in the related tables. Cause if a user IS registered, you should always take the OXID and not the oxusername value cause he might change his email-address some time ... Regards! Andreas > Hi all, > > Due to the security issue #003 > (http://www.oxidforge.org/wiki/Security_bulletins/2009-003) we had to resolve > the handling of unregistered users this way: > - when user performs an order for the second time without registration, user > acount created during first order is deleted preserving order related > information, and new one account is created. > > Unfortunately, some partners claimed about it because they lost remarks > together with deleted accounts. The details are here: > https://bugs.oxid-esales.com/view.php?id=1441 > > Before implementing security fix #003, we discussed about how to solve that > in best way, investigated few solutions, and implemented the best in our > opinion. > But we are searching for a convinient way for all sides now to resolve this > issue. So we would like to get any feedback about other possible solutions, > or confirmation that current behavior is acceptable for you. > > Any of your ideas welcome. > > > Best regards, > Dainius Bigelis > ________________________= 5F______________________ > dev-general mailing list > [email protected] > http://dir.gmane.org/gmane.comp.php.oxid.general _______________________________________________ dev-general mailing list [email protected] http://dir.gmane.org/gmane.comp.php.oxid.general
