Entries in OpenId table with no corresponding entry in user table
Issue #1742
resolved
I found out that some entries in the openIDUser table have no corresponding entry in the user table. If someone registers a new user with one of these usernames someone else has access to the new user account.
I found this on the BibLicious database, could someone of the senior developers check the BibSonomy's database?
Comments (7)
-
-
reporter query should be
CREATE TEMPORARY TABLE unknown_openid_users SELECT user_name FROM openIDUser LEFT JOIN user USING(user_name) WHERE user_password IS NULL; DELETE FROM openIDUser WHERE user_name IN (SELECT user_name FROM unknown_openid_users); DROP TABLE unknown_openid_users;
-
reporter - changed version to 2.0.42
- edited description
-
reporter - changed status to open
-
reporter - changed component to database
-
reporter - changed status to resolved
-
reporter - changed version to 2.0.43
- Log in to comment
still there