[
https://issues.apache.org/jira/browse/GUACAMOLE-1137?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17160814#comment-17160814
]
Mike Jumper commented on GUACAMOLE-1137:
----------------------------------------
{quote}
For me just one question is left: Why the user has no READ permission for its
own context by definition/default? What is the idea behind?
{quote}
Besides being easier to maintain, when designing a system where security is a
factor, it's better to consistently apply the same permissions the same way,
with as few exceptions as possible. Introducing exceptions to a permission
management system (in this case, an implicit READ in one special case) is
asking for trouble.
> User can not change the own password
> ------------------------------------
>
> Key: GUACAMOLE-1137
> URL: https://issues.apache.org/jira/browse/GUACAMOLE-1137
> Project: Guacamole
> Issue Type: Bug
> Reporter: Stefan
> Priority: Minor
>
> We noticed some strange behavior when the user wants to change its password.
> When there is a "@” sign in the username and he not an administrator the
> password change is not possible. (tomcat-server response with 404).
> Hs a admin an "@" in the username is no problem.
> Also, when the non-admin-user has no "@" in the username the password change
> is working.
> We started search but up to now we have no idea where the issue happens…
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
