that is a glitch, but a pretty rare one. why would someone ever login via DA to the site which they originally registered? there isn't a security problem here, just a duplicate account problem. i'll add it to the bug list.
> -----Original Message-----
> From: drupal-devel-admin@drupal.org
> [mailto:drupal-devel-admin@drupal.org]On Behalf Of Dries Buytaert
> Sent: Sunday, May 26, 2002 4:52 PM
> To: drupal-devel@drop.org
> Subject: [drupal-devel] distributed authentication glitch
>
>
>
> In drop.org's watchdog, I just spotted the following:
>
> 05/26/2002 - 17:58
> new user: 'cecco' Anonymous chicken
> [the e-mail is made spam-proof]
>
> 05/26/2002 - 17:59
> session opened for 'cecco@www.drop.org' cecco@www.drop.org
>
> 05/26/2002 - 17:59
> new user: cecco@www.drop.org (drupal ID) Anonymous chicken
>
> That is, someone can create a second account on drop.org using its
> drop.org Drupal ID.
>
> --
> Dries Buytaert :: http://www.buytaert.net/
Comments
Comment #1
(not verified) commentedMaking this a feature request. The DA wasn't designed to handle this so its working as expected. However it would be nice if someone decided to tackle this problem!
Comment #2
Bèr Kessels commentedVery old. Marking this "by design". A DA username != a username. They should not be the same.
Comment #3
moshe weitzman commentedactually, i'm told by numerous admins (including drupal.org) that many people try to sign in with a drupal ID. they just cut and paste from the default welcome email.
Comment #4
forngren commented