[Rt-devel] Security concern for RT 3.3/3.4 CF access controls.

Todd Chapman rt at chaka.net
Thu Dec 2 14:15:24 EST 2004

If a user of RT 3.3/3.4 is not allowed to see the value
of certain custom fields, what keeps them from seeing
the value being set in the ticket history. Is a rights
check done for each transaction?

And yes, I'm too busy at the moment to look at the code
myself. :)

BTW, Asset Tracker v0.1alpha is coming along nicely!


More information about the Rt-devel mailing list