please be advised about the following matter. I use Windows XP Home, IE 6.0, FTB 184.108.40.2060. One MyHeritage member (let call him Kent) asked me to looked through his site. I would like to help him. I sended a request to be a member of his site, he added me in his list of members. I recieved a message at my email box about this and went to the link in the email. I started to view the pages of Kent's site and click on Downloading a tree in "Manage trees".
Then I started that downloaded backup of Kent's tree on my PC. I had FTB 220.127.116.110 by that time and that moment i was adviced to download the newer version. I downloaded it. Then i open the tree, made some changes and published the tree on Kent's site. After that the IE browser automatically open Kent's site and associate me with the manager named Kent! On the top of the screen there was "Welcome, Kent!" , i recieved a message from me to him, i saw in the list of members that I, Kent, am online now and Esperanza is now offline. I had access to any part of the site, i was able to add new members or delete the news and so on...
Please check this feature and make the security OK!
Thanks Nadya. We pinpointed the bug thanks to your help, and fixed it. It will be deployed to the site tomorrow. Note that it is not a serious problem, because the tree is only available for download by site members, and these are people invited by the site manager, and thus enjoy his/her complete trust. That's why it was never reported until today. But thanks to your assistance, it's now found and fixed (wait till tomorrow!)