Ticket #2112 (closed defect: duplicate)
Opened 6 years ago
Last modified 5 years ago
Logged in user can change name to different user
| Reported by: | anonymous | Owned by: | jonas |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | ticket system | Version: | 0.8.4 |
| Severity: | critical | Keywords: | |
| Cc: | |||
| Release Notes: | |||
| API Changes: | |||
Description
This is similar to http://projects.edgewall.com/trac/ticket/1890
Trac needs to do what phpBBB does where it is clear whether the login name was from a logged in user or has been manually modified by an anonymous user.
Trac provides a great audit trail of a ticket, where you can tell who said/did what on the system. But the reliability of that audit trail is seriously at risk when random users can pretend to be someone else.
Imagine the havoc this could cause if someone went into http://projects.edgewall.com/trac/report/1
pretended to be one of the developers and randomly started changing severity, milestones, etc. How do you know what to roll back?
Attachments
Change History
comment:1 Changed 6 years ago by anonymous
- Cc tkarakai@… added
comment:2 Changed 6 years ago by cmlenz
- Resolution set to duplicate
- Status changed from new to closed
comment:3 Changed 6 years ago by anonymous
I just reviewed it and I agree (I'm the original poster).
comment:4 Changed 6 years ago by anonymous
- Cc tkarakai@… removed
Actually, I'd suggest that this is a duplicate of #1890.