#1890: Can create tickets anonymously using the username of an authenticated
user
----------------------------------------+-----------------------------------
Reporter: [EMAIL PROTECTED] | Owner: cmlenz
Type: defect | Status: assigned
Priority: normal | Milestone: 0.10
Component: general | Version: 0.8.4
Severity: normal | Resolution:
Keywords: |
----------------------------------------+-----------------------------------
Comment (by [EMAIL PROTECTED]):
Checking whether the username field is not another user's username falls
apart for two reasons:
* If using HTTP authn done by the webserver, there's no way to reliably
get a list of all valid usernames.
* A user could be created with the same name after a comment had been
made.
--
Ticket URL: <http://projects.edgewall.com/trac/ticket/1890>
The Trac Project <http://trac.edgewall.com/>
_______________________________________________
Trac-Tickets mailing list
[email protected]
http://lists.edgewall.com/mailman/listinfo/trac-tickets
