Project

General

Profile

Actions

Defect #34593

open

privacy problem on users info

Added by Fabrizio Sebastiani about 3 years ago. Updated about 3 years ago.

Status:
Needs feedback
Priority:
Normal
Assignee:
-
Category:
-
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Resolution:
Affected version:

Description

If a logged-is user start to access cyclically to urls likes this:

 https://example.com/redmine/users/5
 https://example.com/redmine/users/6
 https://example.com/redmine/users/7
 ...

he/she will see get the full organization's useers, members, informations, accounts, email etc... This is a particular sensible information if organization needs to hide and protect membership information to all users.

This looks violation of privacy information. Also the organization cannot hide to any member this wide information. Looks a design lack.

Actions

Also available in: Atom PDF