Roundup Tracker - Issues

Issue 933510

classification
'Web Registration' allows user listing
Type: Severity: normal
Components: Web interface Versions:
process
Status: closed fixed
:
: richard : jfmeinel, richard
Priority: normal :

Created on 2004-04-12 04:30 by jfmeinel, last changed 2004-04-12 04:30 by jfmeinel.

Messages
msg1178 Author: [hidden] (jfmeinel) Date: 2004-04-12 04:30
I just set up a new roundup server using 0.7.0b2, and I
found that as the anonymous user, you can see the user
list if you type it in manually (/user). The only way
that I found to disable this was to remove the 'Web
Registration' permission for anonymous users.

And since you can't get rid of the anonymous user,
there is no way to disable this without disabling web
registration.


Steps to repeat:

1) Set up a new tracker
2) Leave 'Web Registration' enabled for Anonymous users.
3) Disable all other access for the Anonymous user
4) Without logging in, go to
 <url>/<tracker>/user

5) Peek in at all the usernames, emails and phone numbers.
msg1179 Author: [hidden] (richard) Date: 2004-04-12 07:09
Excellent, thanks for spotting this! 
History
Date                 User      Action  Args
2004-04-12 04:30:24  jfmeinel  create
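
A regression check for the behaviour reported above, as an added example that is not part of the original issue or Roundup's own code: it requests /user with no session, as the Anonymous user does, and flags a response that looks like a user listing. The e-mail-count heuristic, the function names and the sample bodies are assumptions constructed for illustration.

```python
import re
import urllib.error
import urllib.request

EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")

# Constructed sample bodies (not real Roundup output).
SAMPLE_LISTING = """<table>
<tr><td>admin</td><td>admin@example.org</td><td>555-0100</td></tr>
<tr><td>alice</td><td>alice@example.org</td><td>555-0101</td></tr>
</table>"""
SAMPLE_DENIED = ("<p>You are not allowed to view this page.</p>"
                 "<p>Contact admin@example.org</p>")


def listing_exposed(status, body, min_addresses=2):
    """Heuristic (assumption): a 200 response carrying several distinct
    e-mail addresses is treated as a user listing. A single address may
    be a contact footer, so it does not count."""
    if status != 200:
        return False
    return len(set(EMAIL_RE.findall(body))) >= min_addresses


def check_tracker(tracker_url, timeout=10):
    """Request <tracker_url>/user with no cookie or credentials, as the
    Anonymous user would, and report whether a listing came back."""
    url = tracker_url.rstrip("/") + "/user"
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            status = resp.status
            body = resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        # 401/403/404 and similar: access was refused, nothing listed.
        status, body = err.code, ""
    return listing_exposed(status, body)


if __name__ == "__main__":
    import sys
    exposed = check_tracker(sys.argv[1])
    print("user listing exposed to Anonymous" if exposed else "no listing seen")
    sys.exit(1 if exposed else 0)
```

Run it against your own tracker's base URL after changing Anonymous permissions; a non-zero exit status means the listing is still readable without logging in.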