[JIRA] Reopened: (OFBIZ-534) getPartyFromEmail does dangerous matching

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

[JIRA] Reopened: (OFBIZ-534) getPartyFromEmail does dangerous matching

JIRA jira@ofbiz.org
     [ http://jira.undersunconsulting.com/browse/OFBIZ-534?page=all ]
     
David E. Jones reopened OFBIZ-534:
----------------------------------


Hmmm... Maybe we should back this one out...

The problem is: with this in there, how can you search for a partial email address or find all emails for a certain domain?

Also, is it so bad that you get additional results in a search?


> getPartyFromEmail does dangerous matching
> -----------------------------------------
>
>          Key: OFBIZ-534
>          URL: http://jira.undersunconsulting.com/browse/OFBIZ-534
>      Project: [OFBiz] Open For Business
>         Type: Bug
>   Components: party
>     Versions: SVN
>  Environment: Linux, PostgreSQL
>     Reporter: Ean Schuessler
>     Assignee: Jacques Le Roux
>      Fix For: SVN

>
> Original Estimate: 10 minutes
>         Remaining: 10 minutes
>
> getPartyByEmail does a '%EMAIL_ADDRESS%' match when you search for an email. This means that you can get back [hidden email] when you search for [hidden email]. I can't really see the point of the current implementation and it can have dangerous and suprising side effects if you are going to mail personal information. I'd suggest doing a direct but case-insensitive match. The case insensitivity is a good feature.

--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://jira.undersunconsulting.com/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira