small typo if youre a naughty user :) [Resolved]

Posted by RtpHarry under DotNetFunda.Com on 1/30/2010 | Views : 2484 | Status : [Member] [MVP] | Replies : 2
While I was testing things out I tried to trick the edit profile page into letting me edit somebody else's profile.

I changed the username to another user and it caught me and correctly stopped me from editing other peoples profiles.

I did spot a little typo in the error message though:

Sorry, This is not your profie, You Can't modify other's profile.

profile is missing the l




Responses

Posted by: Webmaster on: 1/30/2010 [Administrator] HonoraryPlatinum

Up
0
Down

Resolved
I would say this fine. This should never happen in real scenario and if someone real naughty is trying to do that who cares what the application is showing to him, I would even do not show any message or misguide him/her by giving his home information :).

Ha Ha

Thanks for trying it out.

Best regards,
Webmaster



Best regards,
Webmaster
http://www.dotnetfunda.com

RtpHarry, if this helps please login to Mark As Answer. | Alert Moderator

Posted by: RtpHarry on: 1/31/2010 [Member] [MVP] Bronze

Up
0
Down
Yeah I guess if you are using code to check if the user name is the current user then it means that you dont really need the username parameter at all.

If a user accesses the register.aspx page and they are already logged in then that means they want to edit their profile.

Unless you are using this for the webmaster admin panel as well?

RtpHarry, if this helps please login to Mark As Answer. | Alert Moderator

Login to post response