[rt-users] urgent: disable search for new watchers

Jerrad Pierce jpierce at cambridgeenergyalliance.org
Thu Jun 18 11:31:38 EDT 2009


On Thu, Jun 18, 2009 at 11:27, Ken Crocker<kfcrocker at lbl.gov> wrote:
>    Why is it a security issue? If your privileges are allowing them to
> go to a user "Preferences", then I understand, but to just know what
> UserIds are on the system doesn't seem like a big deal to me.
It gives them an edge in trying to crack other accounts, because
they then already have half the authentication pair. On the other hand,
they can already determine the name of a privileged user by looking at
who owns their ticket or otherwise converse with them via RT.

-- 
Cambridge Energy Alliance: Save money. Save the planet.


