I never cease to be amazed at "holes" in software that's been around for ages - that is, simple bugs that have had plenty of time to be detected and quashed but somehow aren't. This week I ran into an oversight in the venerable DotNetNuke (aka "DNN") web platform, which is a nicely-featured framework for quickly building .NET-based websites.

DNN has been around for over a decade yet the bug that tried to bite me is a simple oversight in how account usernames are handled.

DNN does not "trim" usernames - that is, it allows users to enter leading and trailing spaces when choosing a username. DNN preserves any such spaces as part of the username. This situation allows a user to accidentally and unknowingly key in a leading (or trailing) space as part of their chosen username. DNN automatically logs users in when a new account is created so the user thinks everything is fine... until the user returns later and attempts to log in. Unless the user repeats the accidental blank space snafu, the user has no chance of logging in or even getting a password recovery since the default password recovery configuration requires users to enter their username.

What Does This Look Like (How can I spot it?)

This particular bug is nefarious because an accidental click of the spacebar is an easy misstep but, once an account is created, it is difficult to spot an unintended space as web browsers remove extraneous spaces in most web page text. The username appears normal everywhere it might appear in a typical DNN site.

Fortunately DotNetNuke website administrators can easily spot the leading space(s) issue for most usernames simply by checking the "User Accounts" module, as shown in Figure 1.

Figure 1 - A username starting with 'm' appears out of place at the top of the alphabetically-sorted list.

Note that I say it is easy to spot most usernames but not all. If a user happens to pick a username that would normally appear first in the list of names then this simple spot-check won't help. In that case you'll need to go directly to the database to check for the existence of leading spaces.

It would be trivial for the guys that develop DotNetNuke to trim spaces from usernames.
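The database check mentioned above could look like the following query. It is an added example, not code from DNN or from the original post, and it assumes SQL Server with DNN's user table reachable as dbo.Users (columns UserID and Username, no objectQualifier prefix); adjust the table name to your installation.

```sql
-- Added example: list accounts whose username carries leading or trailing spaces.
-- Assumption: DNN user table is dbo.Users(UserID, Username) on SQL Server.
SELECT
    u.UserID,
    -- Brackets make the otherwise invisible padding visible in the result grid.
    '[' + u.Username + ']' AS BracketedUsername,
    CASE WHEN u.Username LIKE N' %' THEN 1 ELSE 0 END AS HasLeadingSpace,
    -- LEN() and "=" both ignore trailing spaces in SQL Server, so compare
    -- byte lengths with DATALENGTH() to catch trailing padding.
    CASE WHEN DATALENGTH(u.Username) > DATALENGTH(RTRIM(u.Username))
         THEN 1 ELSE 0 END AS HasTrailingSpace,
    -- Non-NULL when another account already owns the trimmed name, in which
    -- case the padded username cannot simply be trimmed in place.
    c.UserID AS CollidingUserID
FROM dbo.Users AS u
LEFT JOIN dbo.Users AS c
       ON c.UserID <> u.UserID
      AND c.Username = LTRIM(RTRIM(u.Username))
WHERE DATALENGTH(u.Username) <> DATALENGTH(LTRIM(RTRIM(u.Username)))
ORDER BY u.UserID;
```

The query is read-only. Rows with a non-NULL CollidingUserID need a manual decision before any rename, because trimming would produce a duplicate username.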