Project:
| View Issue Details[ Jump to Notes ] | [ Issue History ] [ Print ] | |||||||
| ID | ||||||||
| 0018389 | ||||||||
| Type | Category | Severity | Reproducibility | Date Submitted | Last Update | |||
| defect | [Openbravo ERP] A. Platform | major | always | 2011-08-30 16:24 | 2011-10-20 11:32 | |||
| Reporter | rgoris | View Status | public | |||||
| Assigned To | iperdomo | |||||||
| Priority | urgent | Resolution | unable to reproduce | Fixed in Version | ||||
| Status | closed | Fix in branch | Fixed in SCM revision | |||||
| Projection | none | ETA | none | Target Version | 3.0MP5 | |||
| OS | Any | Database | Any | Java version | ||||
| OS Version | Database version | Ant version | ||||||
| Product Version | SCM revision | |||||||
| Review Assigned To | ||||||||
| Web browser | ||||||||
| Modules | Core | |||||||
| Regression level | ||||||||
| Regression date | ||||||||
| Regression introduced in release | ||||||||
| Regression introduced by commit | ||||||||
| Triggers an Emergency Pack | No | |||||||
| Summary | 0018389: Google Account login - security issue | |||||||
| Description | Logging in using your Google account is cool. However, there are a couple of issues that keep it from being very cool. Security: when activating this feature and you happen to have somebody else´s Google account activated in the same browser, you accidentally would associate their account to your Openbravo! | |||||||
| Steps To Reproduce | Log in with somebody else Google account In the same browser, associate OB to the Google login | |||||||
| Proposed Solution | Let the user confirm (and re-login) to the desired google account before actually creating the association. | |||||||
| Tags | No tags attached. | |||||||
| Attached Files | ||||||||
 Relationships [ Relation Graph ]
[ Dependency Graph ]
|
||||||||
|
||||||||
 Relationships |
|
Notes |
|
|
(0041362) iperdomo (reporter) 2011-09-29 08:39 |
If you are logged in in Google and you try to associate the account, you will clearly see that the Openbravo system is trying to access your account, Google accounts will ask you and you can _reject_ it. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2011-08-30 16:24 | rgoris | New Issue | |
| 2011-08-30 16:24 | rgoris | Assigned To | => alostale |
| 2011-08-30 16:24 | rgoris | Modules | => Core |
| 2011-08-30 16:57 | rgoris | Relationship added | related to 0018391 |
| 2011-08-30 16:58 | rgoris | Status | new => scheduled |
| 2011-09-08 18:54 | rgoris | Priority | normal => urgent |
| 2011-09-27 13:03 | alostale | Target Version | 3.0MP4 => 3.0MP5 |
| 2011-09-28 22:19 | alostale | Assigned To | alostale => iperdomo |
| 2011-09-29 08:39 | iperdomo | Note Added: 0041362 | |
| 2011-09-29 08:39 | iperdomo | Status | scheduled => feedback |
| 2011-10-20 11:32 | rgoris | Status | feedback => closed |
| 2011-10-20 11:32 | rgoris | Resolution | open => unable to reproduce |
|
Issue History |
| Copyright © 2000 - 2009 MantisBT Group |
 |