Skip navigation

Implement security on the Community website

score 50
You have not voted. Not considering

@

There's apparently a serious security flaw on the website.

 

I was googling to find an answer to a technical problem and found the SQL Developer forum.

I wanted to post something, but wasn't logged in.

I clicked to log in and thought I was logging in as me.

I created a post.

I then noticed that I was logged in as "user1117615". Not my Oracle user id.

I checked the profile and discovered that I'm somehow associated with the university of Michigan (NOT), joined the community in 2014 (?) and other details.

I have no idea how it happened, but my attempt to use the site in an absolutely normal manner resulted in me being logged in as someone else.

I have done absolutely nothing that would constitute hacking in any context whatsoever. Haven't viewed code behind any web page, tried multiple attempts at passwords or anything.

 

The website security is somehow broken, plain & simple.

If you want to contact me, my REAL contact is ernest dot ostrander at mastec dot com.

Comments

Vote history