Edgewall Software

Changes between Initial Version and Version 54 of Ticket #1890


Ignore:
Timestamp:
Jun 28, 2006, 5:10:30 PM (15 years ago)
Author:
Christian Boos
Comment:

I agree with all of the above ;)

Legend:

Unmodified
Added
Removed
Modified
  • Ticket #1890

    • Property Severity criticalnormal
    • Property Cc gunnar@… tkarakai@… vyt@… dcreager@… lievenswouter@… maxb1@… samuel.tesla@… dkg-debian.org@… added
    • Property Milestone0.11
    • Property Owner changed from Jonas Borgström to Christian Boos
  • Ticket #1890 – Description

    initial v54  
    11I can create tickets anonymously using usernames of registered users. This is a Bad Thing(TM) in that people can impersonate me on my Trac. Or, they could otherwise pretend to be me. Which, to some users, may be confusing and misleading. It also poses a security threat in that any random person can go in and meddle in my bugs and close at will because to be able to add a comment to a ticket, you have to have TICKET_MODIFY, which essentially means anonymous has TICKET_ADMIN (filing another bug for this, since I know that at least in my projects, I like two problems to be reported as... two problems...)
     2----
     3'''Current status of the discussion''':
     4each change to a ticket must also record whether
     5the user who did the change was authenticated or not.
     6
     7See more complete summary in comment:53.