Edgewall Software

Ticket #2112 (closed defect: duplicate)

Opened 3 years ago

Last modified 2 years ago

Logged in user can change name to different user

Reported by: anonymous Owned by: jonas
Priority: high Milestone:
Component: ticket system Version: 0.8.4
Severity: critical Keywords:
Cc:

Description

This is similar to http://projects.edgewall.com/trac/ticket/1890

Trac needs to do what phpBBB does where it is clear whether the login name was from a logged in user or has been manually modified by an anonymous user.

Trac provides a great audit trail of a ticket, where you can tell who said/did what on the system. But the reliability of that audit trail is seriously at risk when random users can pretend to be someone else.

Imagine the havoc this could cause if someone went into http://projects.edgewall.com/trac/report/1 pretended to be one of the developers and randomly started changing severity, milestones, etc. How do you know what to roll back?

Attachments

Change History

Changed 3 years ago by anonymous

  • cc tkarakai@… added

Changed 3 years ago by cmlenz

  • status changed from new to closed
  • resolution set to duplicate

Actually, I'd suggest that this is a duplicate of #1890.

Changed 3 years ago by anonymous

I just reviewed it and I agree (I'm the original poster).

Changed 3 years ago by anonymous

  • cc tkarakai@… removed

Add/Change #2112 (Logged in user can change name to different user)

Author



Change Properties
<Author field>
Action
as closed
Next status will be 'reopened'
 
Note: See TracTickets for help on using tickets.