[rt-users] urgent: disable search for new watchers
Violetta J. Wawryk
v.wawryk at science-computing.de
Thu Jun 18 10:28:30 EDT 2009
Hi,
RT is 3.6.1 on a debian system
we just found out that in the people section everyone who can login can
search for people. So a person who has the following rights:
CreateTicket
ReplyToTicket
SeeQueue
ShowTicket
can go to the people section and do a search like:
userid doesn't contain xyz
he gets all the users of the RT. Since this is a security issue, is
there anything that I can do to prevent these searches?
It might be disabled in a newer version, if so which would that be?
A quick search on the list didn't give me an answer, therefore I have to
ask this. Sorry if it's been on the list before.
Quick help is really appreciated, thanks in advance!!!!
Regards
Violetta
--
________________________________ creating IT solutions
Violetta J. Wawryk science + computing ag
IT-Service Hagellocher Weg 73
phone +49 7071 9457 282 72070 Tuebingen, Germany
fax +49 7071 9457 211 www.science-computing.de
--
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier,
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Michel Lepert
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
More information about the rt-users
mailing list