Erik Bray wrote:
> On Sun, Jan 25, 2009 at 11:51 AM, [email protected]
> <[email protected]> wrote:
>
>> hi,
>>
>> while using trac we were pointed to a security problem:
>> if a user logs in and makes a change, trac exposes the ip-address of
>> that user.
>>
>> is there a way we could switch to a more wikipedia-like behaviour:
>> display a warning "please log in otherwise we'll expose your ip-address".
>>
>> rupert.
>>
>
> Exposes the IP address where? I've never seen such behavior in Trac.
> Is this only in trunk?

No, it's always been there, visible on wiki diff pages (maybe in some other places as well, that's the only one which comes to mind).

Rupert probably forgot that he already filed a ticket for this a year ago ;-)
http://trac.edgewall.org/ticket/6572

I'm ok with the proposal made in that ticket, we could hide the address completely or make it visible only if some permissions are available (EMAIL_VIEW ?) if someone thinks it's actually useful to see those ip numbers in clear.

However the warning "please log in otherwise we'll expose your ip-address" wouldn't work for us, as it's not always possible to log in to Trac sites (e.g. edgewall.org Tracs).

-- Christian
