[stamp] Re: Random user running "database_setup.php"

• From: "Steven Buss" <steven.buss@xxxxxxxxx>
• To: stamp@xxxxxxxxxxxxx
• Date: Thu, 23 Feb 2006 09:40:19 -0500

Gotcha, sounds good.  Are the team passwords set up to be the same at every
competition?

On 2/23/06, Brandon Ripley <Brandon.Ripley@xxxxxxxxxx> wrote:
>
> Only someone with admin level >= 2 will be able to do anything on the
> admin page. The idea is that this person setup the database and knows how to
> go into MySQL and look up the passwords anyway and could really bypass any
> of our security. Any other users could try to run database_setup, but after
> it has been run once, the script won't do anything. We will know it was run
> once if the teamRobot table already has passwords.
>
> Brandon
>
>  ------------------------------
> *From:* Steven Buss [mailto:steven.buss@xxxxxxxxx]
> *Sent:* Thursday, February 23, 2006 8:13 AM
> *To:* stamp@xxxxxxxxxxxxx
> *Subject:* [stamp] Re: Random user running "database_setup.php"
>
> what's to stop anyone from looking up any team's password?  how is that
> going to be managed?
>
> On 2/23/06, Brandon Ripley < Brandon.Ripley@xxxxxxxxxx> wrote:
> >
> > Once we add the function "lookup team password" to the admin page, we
> > should
> > change database_setup.php so it can only be run once to display
> > passwords
> > i.e. if passwords exists, don't reprint them.
> >
> > -----Original Message-----
> > From: Jeremy Johnson [mailto: mias88@xxxxxxxxx]
> > Sent: Thursday, February 23, 2006 7:29 AM
> > To: stamp@xxxxxxxxxxxxx
> > Subject: [stamp] Re: Random user running "database_setup.php"
> >
> > yes, they will.  For testing purposes I did not add a restriction on
> > when
> > the team passwords, lthoguh that should not be so hard to implement.  I
> > will
> > work on that.
> > -Jeremy
> > On 2/23/06, Erik Thulin <ethulin@xxxxxxxxx> wrote:
> > > What if a random user runs "database_setup.php", will they see the
> > > team passwords?
> > >
> > >  - Erik
> > >
> >
> >
>
>
> --
> Steven Buss
> steven.buss@xxxxxxxxx
> PHP/MySQL programmer
>



--
Steven Buss
steven.buss@xxxxxxxxx
PHP/MySQL programmer

• References:
  • [stamp] Re: Random user running "database_setup.php"
    • From: Brandon Ripley

Other related posts:

• » [stamp] Random user running "database_setup.php"
• » [stamp] Re: Random user running "database_setup.php"
• » [stamp] Re: Random user running "database_setup.php"
• » [stamp] Re: Random user running "database_setup.php"
• » [stamp] Re: Random user running "database_setup.php"
• » [stamp] Re: Random user running "database_setup.php"
• » [stamp] Re: Random user running "database_setup.php"

1. Home
2. stamp
3. Archive
4. 02-2006

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---