On Wed, 2023-11-08 at 05:31 -0700, David G. Johnston wrote:
> On Wednesday, November 8, 2023, Laurenz Albe wrote:
> > When people ask my "why?", I tend to answer "why not?". It is not a
> > security
> > problem, in my opinion. Every user is allowed to know that I have a table
> > "purchase" wit
On Wednesday, November 8, 2023, Laurenz Albe
wrote:
>
>
> When people ask my "why?", I tend to answer "why not?". It is not a
> security
> problem, in my opinion. Every user is allowed to know that I have a table
> "purchase" with a column "credit_card_nr". As long as the permissions are
> set
On Tue, 2023-11-07 at 12:28 -0700, David G. Johnston wrote:
> This comes up every so often (including today on Discord) and I keep having
> trouble
> figuring out where to point people for our official assertion and explanation
> for why anyone with a login can view routine bodies, view specificat
On Tue, Nov 7, 2023 at 12:28 PM David G. Johnston <
david.g.johns...@gmail.com> wrote:
> Is this something we just don't want to go into detail within our
> documentation, or just no one has cared enough to write something up
> (beyond my first draft back then) and form it into a patch?
>
I've go
