Modify ↓
#2112 closed defect (duplicate)
Logged in user can change name to different user
| Reported by: | anonymous | Owned by: | Jonas Borgström |
|---|---|---|---|
| Priority: | high | Milestone: | |
| Component: | ticket system | Version: | 0.8.4 |
| Severity: | critical | Keywords: | |
| Cc: | Branch: | ||
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
This is similar to http://projects.edgewall.com/trac/ticket/1890
Trac needs to do what phpBBB does where it is clear whether the login name was from a logged in user or has been manually modified by an anonymous user.
Trac provides a great audit trail of a ticket, where you can tell who said/did what on the system. But the reliability of that audit trail is seriously at risk when random users can pretend to be someone else.
Imagine the havoc this could cause if someone went into http://projects.edgewall.com/trac/report/1 pretended to be one of the developers and randomly started changing severity, milestones, etc. How do you know what to roll back?
Attachments (0)
Change History (4)
comment:1 by , 19 years ago
| Cc: | added |
|---|
comment:2 by , 19 years ago
| Resolution: | → duplicate |
|---|---|
| Status: | new → closed |
comment:4 by , 19 years ago
| Cc: | removed |
|---|
Note:
See TracTickets
for help on using tickets.
Actually, I'd suggest that this is a duplicate of #1890.