![]() What Does This Look Like (How can I spot it?) Unless the user repeats the accidental blank space snafu, the user has no chance of logging in or even getting a password recovery since the default password recovery configuration requires users to enter their username. until the user returns later and attempts to log in. DNN automatically logs users in when a new account is created so the user thinks everything is fine. ![]() This situation allows to a user accidentally and unknowingly key in a leading (or trailing) space as part of their chosen username. DNN preserves any such spaces as part of the username. NET-based websites.ĭNN has been around for over a decade yet the bug that tried to bite me is a simple oversight in how account usernames are handled.ĭNN does not "trim" usernames - that is, it allows users to enter leading and trailing spaces when choosing a username. This week I ran into an oversight in the venerable DotNetNuke (aka "DNN") web platform which is a nicely-featured framework for quickly building. I'm never ceased to be amazed at "holes" in software that's been around for ages - that is, simple bugs that have had plenty of time to be detected and quashed but somehow aren't.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |