id summary reporter owner description type status priority milestone component version severity resolution keywords cc branch changelog apichanges internalchanges 1890 Can create tickets anonymously using the username of an authenticated user ziggy@… "I can create tickets anonymously using usernames of registered users. This is a Bad Thing(TM) in that people can impersonate me on my Trac. Or, they could otherwise pretend to be me. Which, to some users, may be confusing and misleading. It also poses a security threat in that any random person can go in and meddle in my bugs and close at will because to be able to add a comment to a ticket, you have to have TICKET_MODIFY, which essentially means anonymous has TICKET_ADMIN (filing another bug for this, since I know that at least in my projects, I like two problems to be reported as... two problems...) ---- '''Current status of the discussion''': each change to a ticket must also record whether the user who did the change was authenticated or not. See more complete summary in comment:53." defect new high next-major-releases general 0.8.4 major authentication wkornew ziggy@… tkarakai@… vyt@… lievenswouter@… dkg-debian.org@… johnjaylward@… jevans591@… carsten.klein@… Thijs Triemstra leho@… Jun Omae Ryan J Ollos