Gotcha, sounds good. Are the team passwords set up to be the same at every competition? On 2/23/06, Brandon Ripley <Brandon.Ripley@xxxxxxxxxx> wrote: > > Only someone with admin level >= 2 will be able to do anything on the > admin page. The idea is that this person setup the database and knows how to > go into MySQL and look up the passwords anyway and could really bypass any > of our security. Any other users could try to run database_setup, but after > it has been run once, the script won't do anything. We will know it was run > once if the teamRobot table already has passwords. > > Brandon > > ------------------------------ > *From:* Steven Buss [mailto:steven.buss@xxxxxxxxx] > *Sent:* Thursday, February 23, 2006 8:13 AM > *To:* stamp@xxxxxxxxxxxxx > *Subject:* [stamp] Re: Random user running "database_setup.php" > > what's to stop anyone from looking up any team's password? how is that > going to be managed? > > On 2/23/06, Brandon Ripley < Brandon.Ripley@xxxxxxxxxx> wrote: > > > > Once we add the function "lookup team password" to the admin page, we > > should > > change database_setup.php so it can only be run once to display > > passwords > > i.e. if passwords exists, don't reprint them. > > > > -----Original Message----- > > From: Jeremy Johnson [mailto: mias88@xxxxxxxxx] > > Sent: Thursday, February 23, 2006 7:29 AM > > To: stamp@xxxxxxxxxxxxx > > Subject: [stamp] Re: Random user running "database_setup.php" > > > > yes, they will. For testing purposes I did not add a restriction on > > when > > the team passwords, lthoguh that should not be so hard to implement. I > > will > > work on that. > > -Jeremy > > On 2/23/06, Erik Thulin <ethulin@xxxxxxxxx> wrote: > > > What if a random user runs "database_setup.php", will they see the > > > team passwords? > > > > > > - Erik > > > > > > > > > > -- > Steven Buss > steven.buss@xxxxxxxxx > PHP/MySQL programmer > -- Steven Buss steven.buss@xxxxxxxxx PHP/MySQL programmer