[mw-devel] Password overriding in mw(?)
Denis Walker
dez at sucs.org
Fri Oct 20 23:28:33 BST 2006
On Sun, 15 Oct 2006, Andrew Price wrote:
> A user named mark recently started using mw and he wasn't asked to
> register and he wasn't asked for a password when he ran mw. It seems
> that someone has used the mw username "mark" in the past and this new
> member has taken over that mw username and all its settings because his
> account username is "mark" and mw forgot about asking him for a password
> except he can't change the password now because it wasn't set by him.
>
> What the...?
>
> _______________________________________________
> Milliways Development mailing list - mw-devel at lists.sucs.org - http://lists.sucs.org/mailman/listinfo/mw-devel
>
Well, yes. If there's someone in the mw userdb called "mark", then a SUCS
user called "mark" would be able to log in without being asked for login
details. The mw "mark" was in my year doing CompSci and has spent little
more than 24 hours on Milliways ever. Therefore, I propose he gets
deleted so the new SUCS "mark" can use his name.
This may not always be so easy to resolve though, and it would be as well
to come up with a policy to deal with it. For example, what if a new user
wants to call themselves "pklong" or "flagg"?
--
Denis Walker
dez at sucs.org
More information about the mw-devel
mailing list