[rt-users] urgent: disable search for new watchers

Violetta J. Wawryk v.wawryk at science-computing.de
Thu Jun 18 10:28:30 EDT 2009


Hi,

RT is 3.6.1 on a debian system

we just found out that in the people section everyone who can login can 
search for people. So a person who has the following rights:

CreateTicket
ReplyToTicket
SeeQueue
ShowTicket

can go to the people section and do a search like:

userid doesn't contain xyz

he gets all the users of the RT. Since this is a security issue, is 
there anything that I can do to prevent these searches?

It might be disabled in a newer version, if so which would that be?

A quick search on the list didn't give me an answer, therefore I have to 
ask this. Sorry if it's been on the list before.

Quick help is really appreciated, thanks in advance!!!!

Regards
Violetta

-- 
________________________________ creating IT solutions
Violetta J. Wawryk               science + computing ag
IT-Service                       Hagellocher Weg 73
phone +49 7071 9457 282          72070 Tuebingen, Germany
fax   +49 7071 9457 211          www.science-computing.de
-- 
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier, 
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Michel Lepert
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196 





More information about the rt-users mailing list