welch Posted March 7, 2007
I wouldn't say this is a big error, but I feel that it could be corrected for security and presentation. When an admin is logged in and opens another tab and goes to the client area, he can just enter a client's email and click login without a password and be taken to the account. Anything works just as long as the email is one of a client.
Adam Posted March 7, 2007
"I wouldn't say this is a big error, but I feel that it could be corrected for security and presentation. When an admin is logged in and opens another tab and goes to the client area, he can just enter a client's email and click login without a password and be taken to the account. Anything works just as long as the email is one of a client."
Hey,
But he is an Admin! He should have access to that stuff.
From,
Adam
welch Posted March 7, 2007
I just found it weird that it works like that. Not so much an issue, but I thought I would point it out.
Steve Posted March 7, 2007
That's meant to happen, it's one of the new features in V3.
welch Posted March 7, 2007
"That's meant to happen, it's one of the new features in V3."
The feature was added in the Administrator panel under the optional link "Login as user", not the abandonment of password verification. I know logging in as a client is a feature of v3. Again, found it a bit odd how the system was set up to log in as user.
WHMCS CEO Matt Posted March 7, 2007
This is not a security issue. If you are logged in as an admin it is designed to work in this way. It doesn't let just anyone log in however - they must be logged in as admins to have access to any account.