[rt-users] Why an unpriviledge user can see any ticket ?
Todd Chapman
todd at chaka.net
Tue Jun 27 10:17:21 EDT 2006
The RTx::RightsMatric extension should be able to tell you how
the unpriviledged group is getting the ShowTicket right.
On Tue, Jun 27, 2006 at 03:08:46PM +0200, thep.sykheo at degremont.com wrote:
>
>
>
>
> Hi,
>
> I am testing RT 3.4.5. When I connect as an unpriviledged user , I can
> select "Goto ticket" button and see a ticket which is not mine.
> This is not very secure. How can I prevent this ?
>
> Thanks in advance.
>
>
>
> Thep SYKHEO Direction des Systèmes d'Information - IT
> Department
>
> tél : +33 (0) 1 46 25 60 41 - fax : +33 (0) 1 46 25 66 60
>
> thep.sykheo at degremont.com
>
>
>
> DEGREMONT, Groupe SUEZ
>
> Les spécialistes du traitement d'eau - Water treatment
> specialists
>
> 183, avenue du 18 juin 1940 - 92508 Rueil-Malmaison Cedex
> France
>
> http://www.degremont.com
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
> This message and all attachments are confidential and intended solely for
> the addressees.
>
>
> Any use not in accord with its purpose, any dissemination or disclosure,
> either whole or partial, is prohibited except formal approval.
>
>
> If you receive this message in error, please delete it and immediately
> notify the sender.
>
>
> Neither Degremont Group nor any of its subsidiaries or affiliates shall be
> liable for the message if altered, changed or falsified.
>
> _______________________________________________
> http://lists.bestpractical.com/cgi-bin/mailman/listinfo/rt-users
>
> Community help: http://wiki.bestpractical.com
> Commercial support: sales at bestpractical.com
>
>
> Discover RT's hidden secrets with RT Essentials from O'Reilly Media.
> Buy a copy at http://rtbook.bestpractical.com
>
>
> We're hiring! Come hack Perl for Best Practical: http://bestpractical.com/about/jobs.html
More information about the rt-users
mailing list