On Wed, 17 Jan 2001, Aaron Nabil wrote:
> Is this code in Handler.pm doing the most reasonable thing? The way it
> works now, if you have a rewrite username that lowercases, people can
> log in muliple times with username, Username, USERNAME, etc.
Looks like you can't win either way.
If you don't use OriginalUserName, session online checks will fail (the
ones that rely on names instead of session ID's) since they need to match
what the NAS supplied.
I just took a peek on one of my TC chassis, I have a user logged in as
"Firstname Lastname " (except with lots more spaces at the
end) and my two rewrite rules manage to coerce that to his real login of
firstnamelastname on our system! With our rewriting you could simply
add a space to your login and create a unique session. :(
Hmmmm....
PLEASE CC ME ON ANY REPLIES.
--
Aaron Nabil
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
