Edgewall Software

Opened 16 years ago

Closed 16 years ago

Last modified 15 years ago

#2112 closed defect (duplicate)

Logged in user can change name to different user

Reported by: anonymous Owned by: Jonas Borgström
Priority: high Milestone:
Component: ticket system Version: 0.8.4
Severity: critical Keywords:
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:


This is similar to http://projects.edgewall.com/trac/ticket/1890

Trac needs to do what phpBBB does where it is clear whether the login name was from a logged in user or has been manually modified by an anonymous user.

Trac provides a great audit trail of a ticket, where you can tell who said/did what on the system. But the reliability of that audit trail is seriously at risk when random users can pretend to be someone else.

Imagine the havoc this could cause if someone went into http://projects.edgewall.com/trac/report/1 pretended to be one of the developers and randomly started changing severity, milestones, etc. How do you know what to roll back?

Attachments (0)

Change History (4)

comment:1 by anonymous, 16 years ago

Cc: tkarakai@… added

comment:2 by Christopher Lenz, 16 years ago

Resolution: duplicate
Status: newclosed

Actually, I'd suggest that this is a duplicate of #1890.

comment:3 by anonymous, 16 years ago

I just reviewed it and I agree (I'm the original poster).

comment:4 by anonymous, 16 years ago

Cc: tkarakai@… removed

Modify Ticket

Change Properties
Set your email in Preferences
as closed The owner will remain Jonas Borgström.
The resolution will be deleted. Next status will be 'reopened'.
to The owner will be changed from Jonas Borgström to the specified user.

Add Comment

E-mail address and name can be saved in the Preferences .
Note: See TracTickets for help on using tickets.