On Thu, Jun 18, 2009 at 11:27, Ken Crocker <[email protected]> wrote:
> Why is it a security issue? If your privileges are allowing them to
> go to a user "Preferences", then I understand, but to just know what
> UserIds are on the system doesn't seem like a big deal to me.

It gives them an edge into trying to crack other accounts, because they then already have half the authentication pair. On the other hand, they can already determine the name of a privileged user by looking at who owns their ticket or otherwise converse with them via RT.
--
Cambridge Energy Alliance: Save money. Save the planet.
