#8473 closed defect (wontfix)
Obfuscate email addresses are searchable
| Reported by: | anonymous | Owned by: | |
|---|---|---|---|
| Priority: | low | Milestone: | |
| Component: | general | Version: | none |
| Severity: | minor | Keywords: | email search privacy |
| Cc: | mpotter@… | Branch: | |
| Release Notes: | |||
| API Changes: | |||
| Internal Changes: | |||
Description
With [Trac] show_email_addresses disable, as I assume it is here, if one performs a ticket search for reporter contains "potter", one ends up with a few tickets that do not appear to contain "potter" in the reporter. Apparently "jdunham@" has "potter" somewhere in the domain portion of his email. This means that though the email addresses are not visible, they are searchable. The main purpose of the [Trac] show_email_address is for spam prevention, for this it works well. However some may want this for privacy reasons. As it currently stands:
Attachments (0)
Change History (7)
comment:1 by , 15 years ago
| Cc: | added |
|---|
follow-up: 6 comment:2 by , 15 years ago
| Milestone: | → 2.0 |
|---|
comment:4 by , 14 years ago
I agree that the intent was obfuscation, not privacy, and that the current implementation is good enough. Suggesting wontfix.
comment:5 by , 14 years ago
| Milestone: | triaging |
|---|---|
| Resolution: | → wontfix |
| Status: | new → closed |
Agreed, closing.
follow-up: 7 comment:6 by , 14 years ago
Thinking about it, this change would probably be a major effort for very little gain. Therefore, agreed; closed wontfix.
Replying to rblank:
I agree that the intent was obfuscation, not privacy, and that the current implementation is good enough. Suggesting wontfix.
Minor correction, as I understand it: … the intent of the obfuscation was spam prevention, not privacy, …
For anyone who may find the ticket in the future, I assume this still holds from 2:
If someone cares enough about this problem and provides a patch, we might consider it for inclusion in a future release, though.
But it is not important to me, just an observation.
I'm not sure its worth it. The concern with #153 was simply to obfuscate displayed e-mail addresses, not that you couldn't gather any information out of Trac related to e-mails. For example, we obfuscate e-mail addresses in wiki pages when displaying them, but you'll see them in plain text when editing the page. You could also use the ticket custom queries for doing such searches over e-mail values.
If someone cares enough about this problem and provides a patch, we might consider it for inclusion in a future release, though.