[Trac-tickets] [The Trac Project] #1137: Possible Information
Disclosure With Authz
The Trac Project
noreply at edgewall.com
Sun Jan 16 21:23:41 EST 2005
#1137: Possible Information Disclosure With Authz
---------------------+------------------------------------------------------
Id: 1137 | Status: new
Component: general | Modified: Sun Jan 16 21:23:41 2005
Severity: normal | Milestone:
Priority: normal | Version: 0.8
Owner: jonas | Reporter: projects.edgewall.com at bdash.net.nz
---------------------+------------------------------------------------------
When using the ''authz'' permission system to restrict access, privileged
information may be accessible in the form of the files and log messages
involved in changesets, and log messages in the browser. An example of
such a situation is when a repository contains both private and public
files: information about changes to the private files should not be
available to unauthorised users.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/1137>
The Trac Project <>
More information about the Trac-Tickets
mailing list