#1890: Can create tickets anonymously using the username of an authenticated 
user
----------------------------------------+-----------------------------------
 Reporter:  [EMAIL PROTECTED]  |        Owner:  cmlenz  
     Type:  defect                      |       Status:  assigned
 Priority:  normal                      |    Milestone:  0.9.3   
Component:  general                     |      Version:  0.8.4   
 Severity:  normal                      |   Resolution:          
 Keywords:                              |  
----------------------------------------+-----------------------------------
Changes (by [EMAIL PROTECTED]):

  * cc:  [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] =>
         [EMAIL PROTECTED], [EMAIL PROTECTED],
         [EMAIL PROTECTED], [EMAIL PROTECTED]

Comment:

 ''The reason for allowing anonymous users to set their username and email
 directly in the ticket/wiki form is to make it easy for them to e.g.
 submit a ticket and include their contact information.''

 If this is why there's an editable field for anonymous users, then the
 value should be something resembling an email address, right?  You
 wouldn't have to have a complex user registration and email verification
 process unless it was actually necessary to your setup.  But a simple
 regexp would be a quick fix and useful to both completely open and
 completely closed setups.

 This would prevent anons from masquerading as a registered user (or even
 as a username that might be registered in the future).  It would not
 prevent registered users from masquerading as other users, but an
 appropriate fix to this second problem has already been pointed out —
 remove the editable text box.

-- 
Ticket URL: <http://projects.edgewall.com/trac/ticket/1890>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets

Reply via email to