The Rugby World Cup has hit a security snag just over a week before the eagerly awaited tournament kicks off in New Zealand. Media partners logging into the dedicated media centre system were confronted with the profiles of other journalists instead. Sysadmins are trying to get to the bottom of the problem, in the meantime they …
Clearly the sysadmins know that. Are the developers aware of session management?
reload page until your details come up???
In the meantime pretend you didnt see all the other peoples data. and dont copy and paste it.
tell them to stop using WHERE 1 LIMIT RAND(),1 in their mysql query !! LOL
Rugger buggers' buggy buggerup - you guys really know how to knock ´em out!
Really from RWC 2011 Media Centre?
or is it from e.g. an El Reg commentard who just happened to get that profile up when logging in?
I've had that at a company where I had worked for a week for evaluation purposes.
They had a shop-in-shop system and some shop administrators would get logged in into the wrong shop backend. Turned out the login function just compares user and password hash, not the actual shop id. So the first match was used, which was not always the correct one. Especially with the shops the company administrated since those all had the same user/pass.
They never offered me a job so it hasn't been fixed and there is no one at the company even capable of understanding the problem, never mind fixing it. I left a note for a hot-fix (never ever use the same username for two shops) but I doubt anyone there can even understand that.
Let's all Thread safely people
Someone's session manager isn't thread safe!