Closed
Bug 243303
Opened 20 years ago
Closed 20 years ago
createaccount.cgi allowing possible overloading of user table
Categories
(Bugzilla :: User Accounts, enhancement)
People
(Reporter: schapht, Assigned: myk)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X; en) AppleWebKit/124 (KHTML, like Gecko) Safari/125.1
Build Identifier:

It seems like a malicious user could use createaccount.cgi to create a very large amount of users, resulting in a bloated user table and potential performance problems.

Possible solutions (from an outsider perspective):
- have createaccount.cgi make accounts in a separate table. Create the entry in the users table on first login of the user.
- have createaccount.cgi created accounts expire after some time if no-one has ever logged in on that account
- offer an option somewhere to purge any accounts that have never been used (Sanity Check warning?)

My apologies if this has already been requested, but none of the bug summaries seemed to fit the bill.

Reproducible: Always

Steps to Reproduce:
1. go to http://powerphunk.local/bugzilla/createaccount.cgi
2. enter falsified information
3. click "Create Account"
4. repeat many many many times
Updated by reporter • 20 years ago
Version: unspecified → 2.16.5
Updated by reporter • 20 years ago
Summary: createaccount.cgi could pose security problem → createaccount.cgi allowing possible overloading of user table
Comment 1 • 20 years ago
Aside from the direct dupe (responding to your question on IRC that I saw after you left), 2.17.5 and up also have a "createemailregexp" param which defines a regular expression that the email address of anyone signing up must match. If you leave that param blank, it completely disables account creation (removes all the links and everything).

*** This bug has been marked as a duplicate of 87795 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Updated • 12 years ago
QA Contact: matty_is_a_geek → default-qa
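
The mitigations raised in this bug (a separate table for signups, promotion to the users table on first login, expiry of never-used accounts, and the "createemailregexp" gate from comment 1) modelled together as an added example; this is not Bugzilla's code or schema. The table names, function names, the three-day window, the use of re.search for the match and the sample addresses are all assumptions.

```python
import re
import sqlite3

# Hypothetical schema and names: a model of the proposals, not Bugzilla's tables.
SCHEMA = """
CREATE TABLE pending_accounts (email TEXT PRIMARY KEY, created_at INTEGER NOT NULL);
CREATE TABLE users (email TEXT PRIMARY KEY, first_login_at INTEGER NOT NULL);
"""
PENDING_TTL = 3 * 24 * 3600  # assumed expiry window for unused signups (seconds)


def open_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def create_account(db, email, create_email_regexp, now):
    """Queue a signup; a blank regexp disables account creation entirely."""
    if not create_email_regexp:
        return "disabled"
    if not re.search(create_email_regexp, email):
        return "rejected"
    # Repeat submissions for one address do not add rows.
    db.execute("INSERT OR IGNORE INTO pending_accounts VALUES (?, ?)", (email, now))
    return "pending"


def first_login(db, email, now):
    """Promote a pending signup into users only when someone actually logs in."""
    row = db.execute("SELECT created_at FROM pending_accounts WHERE email = ?",
                     (email,)).fetchone()
    if row is None or now - row[0] > PENDING_TTL:
        return False
    db.execute("INSERT OR IGNORE INTO users VALUES (?, ?)", (email, now))
    db.execute("DELETE FROM pending_accounts WHERE email = ?", (email,))
    return True


def purge_unused(db, now):
    """Delete signups that were never used within the window; return the count."""
    cur = db.execute("DELETE FROM pending_accounts WHERE created_at < ?",
                     (now - PENDING_TTL,))
    return cur.rowcount


def table_sizes(db):
    return tuple(db.execute(f"SELECT COUNT(*) FROM {t}").fetchone()[0]
                 for t in ("pending_accounts", "users"))
```

With this layout, bulk signups that are never used stay out of the users table and are removed by the purge, while an account that logs in within the window is promoted normally.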